-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate to GHCR #6478
Merged
Merged
Migrate to GHCR #6478
Changes from 19 commits
Commits
Show all changes
21 commits
Select commit
Hold shift + click to select a range
1439033
build.yaml updates
willdavsmith 4e3d223
Adding comment
willdavsmith 13899ef
Find and replace
willdavsmith 5c3079c
Fixing issue
willdavsmith 0613944
wip
willdavsmith c370d9d
Fixes
willdavsmith 6885a98
commenting tests
willdavsmith ae39dab
logging in for now
willdavsmith 39b28e9
Fixing recipes mk
willdavsmith ac8d30a
Fixing recipes mk
willdavsmith 15a7ab4
Fixing recipes mk
willdavsmith 50d44ae
why no work
willdavsmith a7c0c84
Updating dev recipe logic
ytimocin 9414083
test
willdavsmith 6980af3
removing test-functional-kubernetes
willdavsmith ef51d13
PR
willdavsmith 208711b
PR
willdavsmith 25d30f0
PR
willdavsmith a5059a5
fixing release
willdavsmith 3ac170c
re-enabling k8s tests
willdavsmith 44762b7
Merge branch 'main' into willdavsmith/ghcr
willdavsmith File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -36,26 +36,27 @@ concurrency: | |
env: | ||
# Go version to install | ||
GOVER: '^1.21' | ||
GOPROXY: https://proxy.golang.org | ||
|
||
# gotestsum version - see: https://github.com/gotestyourself/gotestsum | ||
GOTESTSUMVERSION: 1.10.0 | ||
|
||
# Use radiusdev.azurecr.io for PR build. Otherwise, use radius.azurecr.io. | ||
# TODO_LAUNCH: Remove this variable when we opensource the repo - https://github.com/radius-project/radius/issues/5892 | ||
DOCKER_REGISTRY: ${{ github.event_name == 'pull_request' && 'radiusdev.azurecr.io' || 'radius.azurecr.io' }} | ||
|
||
# GitHub Actor for pushing images to GHCR | ||
GHCR_ACTOR: rad-ci-bot | ||
|
||
# Container registry url for GitHub container registry. | ||
CONTAINER_REGISTRY: ${{ github.event_name == 'pull_request' && 'ghcr.io/radius-project/dev' || 'ghcr.io/radius-project/radius' }} | ||
CONTAINER_REGISTRY: ${{ github.event_name == 'pull_request' && 'ghcr.io/radius-project/dev' || 'ghcr.io/radius-project' }} | ||
|
||
# Local file path to the release binaries. | ||
RELEASE_PATH: ./release | ||
|
||
# ORAS (OCI Registry As Storage) CLI version | ||
ORAS_VERSION: 1.1.0 | ||
|
||
# URL to get source code for building the image | ||
IMAGE_SRC: https://github.com/radius-project/radius | ||
|
||
jobs: | ||
build: | ||
build-and-push-cli: | ||
name: Build ${{ matrix.target_os }}_${{ matrix.target_arch }} binaries | ||
runs-on: ubuntu-latest | ||
env: | ||
|
@@ -126,7 +127,6 @@ jobs: | |
with: | ||
name: rad_cli_release | ||
path: ${{ env.RELEASE_PATH }} | ||
# TOOD_LAUNCH: Remove this step when we opensource the repo - https://github.com/radius-project/radius/issues/5892 | ||
- name: Upload CLI binary | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
|
@@ -204,64 +204,25 @@ jobs: | |
with: | ||
path: ./dist/cache | ||
key: radius-coverage-${{ github.sha }}-${{ github.run_number }} | ||
|
||
# Logic here: | ||
# - always do a docker build for validation | ||
# - tag the image as latest and with a version if the trigger was a tag | ||
# - tag the image with the PR version if the trigger was a PR | ||
# - push the image for pushes to master, or to a tag | ||
|
||
# TODO_LAUNCH: Remove 'image' job when we opensource the repo - https://github.com/radius-project/radius/issues/5892 | ||
images: | ||
name: Container image build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@v3 | ||
- name: Parse release version and set environment variables | ||
run: python ./.github/scripts/get_release_version.py | ||
- name: Set up Go ${{ env.GOVER }} | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version: ${{ env.GOVER }} | ||
- uses: azure/docker-login@v1 | ||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@v2 | ||
with: | ||
login-server: ${{ env.DOCKER_REGISTRY }} | ||
username: '${{ secrets.DOCKER_USERNAME }}' | ||
password: '${{ secrets.DOCKER_PASSWORD }}' | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v2 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- uses: oras-project/setup-oras@v1 | ||
with: | ||
platforms: linux/amd64,linux/arm64,linux/arm/v7 | ||
- name: Push container images (latest) | ||
version: ${{ env.ORAS_VERSION }} | ||
- name: Push latest rad cli binary to GHCR (unix-like) | ||
if: github.ref == 'refs/heads/main' && matrix.target_os != 'windows' | ||
run: | | ||
make docker-test-image-build && make docker-test-image-push | ||
make docker-multi-arch-push | ||
if: (github.ref == 'refs/heads/main') # push image to latest on merge to main | ||
env: | ||
DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }} | ||
DOCKER_TAG_VERSION: latest | ||
- name: Push container images (PR) | ||
run: | | ||
make docker-test-image-build && make docker-test-image-push | ||
make docker-multi-arch-push | ||
if: github.event_name == 'pull_request' | ||
env: | ||
DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }} | ||
DOCKER_TAG_VERSION: ${{ env.REL_VERSION }} # includes PR number | ||
- name: Push container images (release) | ||
oras push ${{ env.CONTAINER_REGISTRY }}/rad/${{ matrix.target_os }}-${{ matrix.target_arch }}:latest ./dist/${{ matrix.target_os}}_${{ matrix.target_arch}}/release/rad --annotation "org.opencontainers.image.source=${{ env.IMAGE_SRC }}" | ||
- name: Copy cli binaries to release (windows) | ||
if: github.ref == 'refs/heads/main' && matrix.target_os == 'windows' | ||
run: | | ||
make docker-test-image-build && make docker-test-image-push | ||
make docker-multi-arch-push | ||
if: startsWith(github.ref, 'refs/tags/v') # push image on tag | ||
env: | ||
DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }} | ||
DOCKER_TAG_VERSION: ${{ env.REL_CHANNEL }} | ||
oras push ${{ env.CONTAINER_REGISTRY }}/rad/${{ matrix.target_os }}-${{ matrix.target_arch }}:latest ./dist/${{ matrix.target_os}}_${{ matrix.target_arch}}/release/rad.exe --annotation "org.opencontainers.image.source=${{ env.IMAGE_SRC }}" | ||
|
||
# publish_image is building and publishing images to GHCR. | ||
publish_images: | ||
build-and-push-images: | ||
name: Build and publish container images | ||
runs-on: ubuntu-latest | ||
steps: | ||
|
@@ -277,8 +238,8 @@ jobs: | |
uses: docker/login-action@v2 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ env.GHCR_ACTOR }} | ||
password: ${{ secrets.GH_RAD_CI_BOT_PAT }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v2 | ||
- name: Set up Docker Buildx | ||
|
@@ -309,9 +270,10 @@ jobs: | |
env: | ||
DOCKER_REGISTRY: ${{ env.CONTAINER_REGISTRY }} | ||
DOCKER_TAG_VERSION: ${{ env.REL_CHANNEL }} | ||
helm: | ||
|
||
build-and-push-helm-chart: | ||
name: Helm chart build | ||
needs: ['images', 'publish_images'] | ||
rynowak marked this conversation as resolved.
Show resolved
Hide resolved
|
||
needs: ['build-and-push-images'] | ||
runs-on: ubuntu-latest | ||
env: | ||
ARTIFACT_DIR: ./dist/Charts | ||
|
@@ -343,16 +305,14 @@ jobs: | |
--username ${{ secrets.AZURE_SP_TESTS_APPID }} \ | ||
--password ${{ secrets.AZURE_SP_TESTS_PASSWORD }} \ | ||
--tenant ${{ secrets.AZURE_SP_TESTS_TENANTID }} | ||
- name: Push helm chart to ACR | ||
run: | | ||
az acr helm push --name radius ${{ env.ARTIFACT_DIR }}/${{ env.HELM_PACKAGE_DIR }}/radius-${{ env.CHART_VERSION }}.tgz --force | ||
- name: Push helm chart to GHCR | ||
run: | | ||
echo ${{ secrets.GITHUB_TOKEN }} | helm registry login -u ${{ github.actor }} --password-stdin ${{ env.OCI_REGISTRY }} | ||
helm push ${{ env.ARTIFACT_DIR }}/${{ env.HELM_PACKAGE_DIR }}/radius-${{ env.CHART_VERSION }}.tgz oci://${{ env.OCI_REGISTRY }}/${{ env.OCI_REPOSITORY }} | ||
publish_release: | ||
|
||
publish-release: | ||
name: Publish GitHub Release | ||
needs: [ 'build' ] | ||
needs: ['build-and-push-cli'] | ||
runs-on: ubuntu-latest | ||
if: startsWith(github.ref, 'refs/tags/v') | ||
steps: | ||
|
@@ -376,8 +336,6 @@ jobs: | |
--generate-notes \ | ||
--verify-tag \ | ||
--prerelease | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GH_RAD_CI_BOT_PAT }} | ||
- name: Create GitHub Official Release | ||
if: ${{ !contains(env.REL_VERSION, 'rc') }} | ||
run: | | ||
|
@@ -386,96 +344,11 @@ jobs: | |
--title "Project Radius v${{ env.REL_VERSION }}" \ | ||
--notes-file docs/release-notes/v${{ env.REL_VERSION }}.md \ | ||
--verify-tag | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GH_RAD_CI_BOT_PAT }} | ||
# TODO_LAUNCH: Remove this job once we opensource - https://github.com/radius-project/radius/issues/5892 | ||
publish: | ||
name: Publish rad CLI binaries | ||
needs: [ 'build' ] | ||
runs-on: ubuntu-latest | ||
if: (github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags/v') # upload on push to main or tag | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
- name: Parse release version and set environment variables | ||
run: python ./.github/scripts/get_release_version.py | ||
- name: Download release artifacts | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: rad_cli_darwin_arm64 | ||
path: rad_cli_darwin_arm64 | ||
- name: Download release artifacts | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: rad_cli_darwin_amd64 | ||
path: rad_cli_darwin_amd64 | ||
- name: Download release artifacts | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: rad_cli_linux_arm | ||
path: rad_cli_linux_arm | ||
- name: Download release artifacts | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: rad_cli_linux_arm64 | ||
path: rad_cli_linux_arm64 | ||
- name: Download release artifacts | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: rad_cli_linux_amd64 | ||
path: rad_cli_linux_amd64 | ||
- name: Download release artifacts | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: rad_cli_windows_amd64 | ||
path: rad_cli_windows_amd64 | ||
- uses: bacongobbler/[email protected] | ||
with: | ||
source_dir: rad_cli_darwin_amd64 | ||
container_name: 'tools' | ||
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }} | ||
overwrite: 'true' | ||
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/macos-x64/ --pattern rad --timeout 300' | ||
- uses: bacongobbler/[email protected] | ||
with: | ||
source_dir: rad_cli_darwin_arm64 | ||
container_name: 'tools' | ||
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }} | ||
overwrite: 'true' | ||
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/macos-arm64/ --pattern rad --timeout 300' | ||
- uses: bacongobbler/[email protected] | ||
with: | ||
source_dir: rad_cli_linux_amd64 | ||
container_name: 'tools' | ||
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }} | ||
overwrite: 'true' | ||
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/linux-x64/ --pattern rad --timeout 300' | ||
- uses: bacongobbler/[email protected] | ||
with: | ||
source_dir: rad_cli_linux_arm | ||
container_name: 'tools' | ||
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }} | ||
overwrite: 'true' | ||
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/linux-arm/ --pattern rad --timeout 300' | ||
- uses: bacongobbler/[email protected] | ||
with: | ||
source_dir: rad_cli_linux_arm64 | ||
container_name: 'tools' | ||
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }} | ||
overwrite: 'true' | ||
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/linux-arm64/ --pattern rad --timeout 300' | ||
- uses: bacongobbler/[email protected] | ||
with: | ||
source_dir: rad_cli_windows_amd64 | ||
container_name: 'tools' | ||
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }} | ||
overwrite: 'true' | ||
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/windows-x64/ --pattern rad.exe --timeout 300' | ||
|
||
delete_artifacts: | ||
name: Delete artifacts | ||
needs: [ 'build', 'publish' ] | ||
if: ${{ always() && !contains(needs.build.result, 'failure') }} | ||
needs: ['build-and-push-cli'] | ||
if: ${{ always() && !contains(needs.build-and-push-cli.result, 'failure') }} | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Delete release artifacts | ||
|
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
using the bicep executable directly did not seem to work with GHCR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep this known behavior. The Bicep executable and our fork can only talk to ACR. We had to bring in the ability to talk to any OCI registry to the rad CLI directly.