From ed7baaabe6d9ce76a655c584a7dd2dfff828cc34 Mon Sep 17 00:00:00 2001 From: Will Smith Date: Mon, 16 Oct 2023 20:58:10 +0100 Subject: [PATCH] Migrate to GHCR (#36) * Publish to ghcr (cherry picked from commit d132a451b9e63322ea465f9c904eeb372da88abd) --- .github/scripts/delete-recipes.sh | 25 ++++--- .github/scripts/publish-recipes.sh | 32 +++++---- .github/workflows/publish-recipes.yaml | 95 ++++++++++++++------------ 3 files changed, 83 insertions(+), 69 deletions(-) diff --git a/.github/scripts/delete-recipes.sh b/.github/scripts/delete-recipes.sh index 8188522..c24ee9c 100755 --- a/.github/scripts/delete-recipes.sh +++ b/.github/scripts/delete-recipes.sh @@ -1,30 +1,29 @@ #! /bin/bash -# Fail immedietly if any command fails +# Fail immediately if any command fails set -e # Get command line arguments -ACR_HOST=$1 +GHCR_ORG=$1 +GHCR_PATH=$2 RECIPE_VERSION=$2 # Print usage information function print_usage() { - echo "Usage: $0 " - echo " Deletes all recipes in the repository from the Azure Container Registry. Requires you to be logged into Azure via az login." - echo " ACR_HOST: Host name of the Azure Container Registry. For example, myregistry.azurecr.io." + echo "Usage: $0 " + echo " Deletes all recipes in the repository from the GitHub Container Registry. Requires you to be logged into GitHub." + echo " GHCR_ORG: Organization name of the GitHub Container Registry. For example, radius-project" + echo " GHCR_PATH: Path name for Recipe storage. For example, recipes" echo " RECIPE_VERSION: Version of the recipe to publish. For example, 1.0" } # Verify that the required arguments are present -if [ -z "$ACR_HOST" ] || [ -z "$RECIPE_VERSION" ]; then +if [ -z "$GHCR_ORG" ] || [ -z "$GHCR_PATH" ] || [ -z "$RECIPE_VERSION" ]; then echo "Missing required arguments" print_usage exit 1 fi -# Login to Azure Container Registry -az acr login --name $ACR_HOST - for RECIPE in $(find . -type f -name "*.bicep") do # Get the recipe name and directory name @@ -32,6 +31,10 @@ do export FILE_NAME=$(basename $RECIPE | cut -d. -f1) export DIR_NAME=$(dirname $RECIPE | cut -d/ -f2) - echo "Deleting $ACR_HOST/recipes/$DIR_NAME/$FILE_NAME:1.0" - az acr repository delete --name $ACR_HOST --image "recipes/$DIR_NAME/$FILE_NAME:$RECIPE_VERSION" --yes + echo "Deleting ghcr.io/$GHCR_ORG/$GHCR_PATH/$DIR_NAME/$FILE_NAME:$RECIPE_VERSION" + gh api \ + --method DELETE \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /orgs/$GHCR_ORG/packages/container/$GHCR_PATH/$DIR_NAME/$FILE_NAME:$RECIPE_VERSION done diff --git a/.github/scripts/publish-recipes.sh b/.github/scripts/publish-recipes.sh index e1b4bd0..5602db6 100755 --- a/.github/scripts/publish-recipes.sh +++ b/.github/scripts/publish-recipes.sh @@ -1,39 +1,43 @@ #! /bin/bash -# Fail immedietly if any command fails +# Fail immediately if any command fails set -e # Get command line arguments -BICEP_PATH=$1 -ACR_HOST=$2 +GHCR_ORG=$1 +GHCR_PATH=$2 RECIPE_VERSION=$3 -BICEP_EXECUTABLE="$BICEP_PATH/rad-bicep" - # Print usage information function print_usage() { - echo "Usage: $0 " - echo " Publishes all recipes in the repository to the Azure Container Registry. Requires you to be logged into Azure via az login." - echo " BICEP_PATH: Path to the bicep executable. For example, ~/.rad/bin" - echo " ACR_HOST: Host name of the Azure Container Registry. For example, myregistry.azurecr.io." + echo "Usage: $0 " + echo " Publishes all recipes in the repository to the GitHub Container Registry. Requires you to be logged into GitHub" + echo " GHCR_ORG: Organization name of the GitHub Container Registry. For example, radius-project" + echo " GHCR_PATH: Path name for Recipe storage. For example, recipes" echo " RECIPE_VERSION: Version of the recipe to publish. For example, 1.0" } # Verify that the required arguments are present -if [ -z "$BICEP_PATH" ] || [ -z "$ACR_HOST" ] || [ -z "$RECIPE_VERSION" ]; then +if [ -z "$GHCR_ORG" ] || [ -z "$GHCR_PATH" ] || [ -z "$RECIPE_VERSION" ]; then echo "Missing required arguments" print_usage exit 1 fi -echo "## Recipes published to $ACR_HOST" >> $GITHUB_STEP_SUMMARY +# We create output that's intended to be consumed by the GitHub Action summary. If we're +# not running in a GitHub Action, we'll just silence the output. +if [[ -z "$GITHUB_STEP_SUMMARY" ]]; then + GITHUB_STEP_SUMMARY=/dev/null +fi + +echo "## Recipes published to ghcr.io/$GHCR_ORG/$GHCR_PATH" >> $GITHUB_STEP_SUMMARY for RECIPE in $(find . -type f -name "*.bicep") do # Get the platform (file) name and resource (directory) name export FILE_NAME=$(basename $RECIPE | cut -d. -f1) # rediscaches export DIR_NAME=$(dirname $RECIPE | cut -d/ -f2) # dev - echo "Publishing $DIR_NAME/$FILE_NAME to $ACR_HOST from $RECIPE" - echo "- $ACR_HOST/recipes/$DIR_NAME/$FILE_NAME:$RECIPE_VERSION" >> $GITHUB_STEP_SUMMARY - $BICEP_EXECUTABLE publish $RECIPE --target "br:$ACR_HOST/recipes/$DIR_NAME/$FILE_NAME:$RECIPE_VERSION" + echo "Publishing $DIR_NAME/$FILE_NAME to ghcr.io/$GHCR_ORG/$GHCR_PATH from $RECIPE" + echo "- ghcr.io/$GHCR_ORG/$GHCR_PATH/$DIR_NAME/$FILE_NAME:$RECIPE_VERSION" >> $GITHUB_STEP_SUMMARY + rad bicep publish --file $RECIPE --target "br:ghcr.io/$GHCR_ORG/$GHCR_PATH/$DIR_NAME/$FILE_NAME:$RECIPE_VERSION" done diff --git a/.github/workflows/publish-recipes.yaml b/.github/workflows/publish-recipes.yaml index 120f603..0bdab2d 100644 --- a/.github/workflows/publish-recipes.yaml +++ b/.github/workflows/publish-recipes.yaml @@ -30,83 +30,90 @@ concurrency: group: publish-${{ github.event.pull_request.number || github.sha }} cancel-in-progress: true +env: + RAD_CLI_URL: https://get.radapp.dev/tools/rad/install.sh + jobs: publish-dev: - name: Publish Recipes to Dev ACR - runs-on: ubuntu-latest + name: Publish Recipes to GHCR - Dev if: github.event_name == 'pull_request' && github.event.action != 'closed' - env: - ACR_HOST: radiusdev.azurecr.io + runs-on: ubuntu-latest + permissions: + contents: read + packages: write steps: - name: Check out repo uses: actions/checkout@v3 - - name: az CLI login - run: | - az login --service-principal \ - --username ${{ secrets.AZURE_SP_TESTS_APPID }} \ - --password ${{ secrets.AZURE_SP_TESTS_PASSWORD }} \ - --tenant ${{ secrets.AZURE_SP_TESTS_TENANTID }} - name: Parse release version and set environment variables run: python ./.github/scripts/get_release_version.py - - name: Download rad-bicep + - name: Download rad CLI run: | - ./.github/scripts/curl-with-retries.sh https://get.radapp.dev/tools/bicep-extensibility/${{ env.REL_CHANNEL }}/linux-x64/rad-bicep --output rad-bicep - chmod +x rad-bicep - ./rad-bicep --version - - name: Publish Recipes to Dev ACRs + echo "Downloading edge rad CLI" + wget -q "${{ env.RAD_CLI_URL }}" -O - | /bin/bash -s edge + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Publish Recipes to GHCR # Uses REL_VERSION as the recipe version so PR builds result in a `pr-` tag - run: ./.github/scripts/publish-recipes.sh . radiusdev.azurecr.io ${{ env.REL_VERSION }} + run: ./.github/scripts/publish-recipes.sh radius-project dev/recipes ${{ env.REL_VERSION }} delete-dev: - name: Delete Dev ACR Images + name: Delete GHCR recipes - Dev + if: github.event_name == 'pull_request' && github.event.action == 'closed' runs-on: ubuntu-latest needs: publish-dev - if: github.event_name == 'pull_request' && github.event.action == 'closed' - env: - ACR_HOST: radiusdev.azurecr.io + permissions: + contents: read + packages: write steps: - name: Check out repo uses: actions/checkout@v3 - - name: az CLI login - run: | - az login --service-principal \ - --username ${{ secrets.AZURE_SP_TESTS_APPID }} \ - --password ${{ secrets.AZURE_SP_TESTS_PASSWORD }} \ - --tenant ${{ secrets.AZURE_SP_TESTS_TENANTID }} - name: Parse release version and set environment variables run: python ./.github/scripts/get_release_version.py - - name: Delete Dev ACR Images - run: ./.github/scripts/delete-recipes.sh radiusdev.azurecr.io ${{ env.REL_VERSION }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Delete Recipes from GHCR + # Uses REL_VERSION as the recipe version so PR builds result in a `pr-` tag + run: ./.github/scripts/delete-recipes.sh radius-project dev/recipes ${{ env.REL_VERSION }} # This is where we can add integration tests in the future publish-public: - name: Publish Recipes to Public ACR - runs-on: ubuntu-latest if: github.event_name != 'pull_request' + name: Publish Recipes to GHCR - Public + runs-on: ubuntu-latest environment: name: Public - env: - ACR_HOST: radius.azurecr.io + permissions: + contents: read + packages: write steps: - name: Check out repo uses: actions/checkout@v3 - - name: az CLI login - run: | - az login --service-principal \ - --username ${{ secrets.AZURE_SP_TESTS_APPID }} \ - --password ${{ secrets.AZURE_SP_TESTS_PASSWORD }} \ - --tenant ${{ secrets.AZURE_SP_TESTS_TENANTID }} - name: Parse release version and set environment variables run: python ./.github/scripts/get_release_version.py - - name: Download rad-bicep + - name: Download rad CLI run: | - ./.github/scripts/curl-with-retries.sh https://get.radapp.dev/tools/bicep-extensibility/edge/linux-x64/rad-bicep --output rad-bicep + echo "Downloading edge rad CLI" + wget -q "${{ env.RAD_CLI_URL }}" -O - | /bin/bash -s edge chmod +x rad-bicep ./rad-bicep --version - - name: Publish Recipes to Prod ACR - run: | - ./.github/scripts/publish-recipes.sh . radius.azurecr.io ${{ env.REL_CHANNEL }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Publish Recipes to GHCR + run: | + ./.github/scripts/publish-recipes.sh radius-project recipes ${{ env.REL_CHANNEL }} if [ "${{ env.REL_TAG }}" != "${{ env.REL_CHANNEL }}" ]; then - ./.github/scripts/publish-recipes.sh . radius.azurecr.io ${{ env.REL_TAG }} + ./.github/scripts/publish-recipes.sh radius-project recipes ${{ env.REL_TAG }} fi