diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index bbc30fa..aeee89a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -20,12 +20,19 @@ jobs: with: install: true - - name: "Docker login" + - name: "Docker login docker.io" uses: docker/login-action@v3 with: username: kbstci password: ${{ secrets.DOCKER_AUTH }} + - name: "Docker login ghcr.io" + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: "Build artifacts" env: DOCKER_PUSH: true @@ -75,12 +82,19 @@ jobs: with: install: true - - name: "Docker login" + - name: "Docker login docker.io" uses: docker/login-action@v3 with: username: kbstci password: ${{ secrets.DOCKER_AUTH }} + - name: "Docker login ghcr.io" + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build ${{ matrix.starter }} image env: DOCKER_PUSH: true @@ -91,7 +105,7 @@ jobs: env: COSIGN_EXPERIMENTAL: true run: | - cosign sign --yes -a GIT_HASH=${{ github.sha }} -a GIT_REF=${{ github.ref }} kubestack/framework-dev:test-${{ github.sha }}-${{ matrix.starter }} + cosign sign --yes -a GIT_HASH=${{ github.sha }} -a GIT_REF=${{ github.ref }} ghcr.io/kbst/terraform-kubestack/dev:test-${{ github.sha }}-${{ matrix.starter }} test: runs-on: ubuntu-latest @@ -112,12 +126,19 @@ jobs: run: | unzip quickstart/_dist/kubestack-starter-${{ matrix.starter }}-*.zip - - name: "Docker login" + - name: "Docker login docker.io" uses: docker/login-action@v3 with: username: kbstci password: ${{ secrets.DOCKER_AUTH }} + - name: "Docker login ghcr.io" + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: "Docker build" env: DOCKER_BUILDKIT: 1 @@ -126,7 +147,7 @@ jobs: # to kubestack/framework after they have been tested # but the Dockerfiles in the artifact have the target image name run: | - SOURCE_IMAGE=kubestack/framework-dev:test-${{ github.sha }}-${{ matrix.starter }} + SOURCE_IMAGE=ghcr.io/kbst/terraform-kubestack/dev:test-${{ github.sha }}-${{ matrix.starter }} docker pull $SOURCE_IMAGE TARGET_IMAGE=$(cat Dockerfile | sed 's/FROM //') docker tag $SOURCE_IMAGE $TARGET_IMAGE @@ -217,19 +238,26 @@ jobs: - name: Install Cosign uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.7.0 - - name: "Docker login" + - name: "Docker login docker.io" uses: docker/login-action@v3 with: username: kbstci password: ${{ secrets.DOCKER_AUTH }} + - name: "Docker login ghcr.io" + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: "Docker push" # cosign copy copies the images and the signature from one place to another # then we dont need to sign again the same image env: COSIGN_EXPERIMENTAL: true run: | - SOURCE_IMAGE=kubestack/framework-dev:test-${{ github.sha }}-${{ matrix.starter }} + SOURCE_IMAGE=ghcr.io/kbst/terraform-kubestack/dev:test-${{ github.sha }}-${{ matrix.starter }} TARGET_IMAGE=$(cat quickstart/_dist/kubestack-starter-${{ matrix.starter }}/Dockerfile | sed 's/FROM //') echo "Source image $SOURCE_IMAGE will be pushed to $TARGET_IMAGE" cosign copy $SOURCE_IMAGE $TARGET_IMAGE diff --git a/Makefile b/Makefile index d706144..221f5ce 100644 --- a/Makefile +++ b/Makefile @@ -8,9 +8,9 @@ DOCKER_TARGET ?= multi-cloud ifeq ("${DOCKER_PUSH}", "true") BUILD_PLATFORM := --platform linux/arm64,linux/amd64 -BUILD_CACHE_DIST := --cache-to type=registry,mode=max,ref=kubestack/framework-dev:buildcache-dist-helper,push=${DOCKER_PUSH} +BUILD_CACHE_DIST := --cache-to type=registry,mode=max,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-dist-helper,push=${DOCKER_PUSH} BUILD_OUTPUT := --output type=registry,push=${DOCKER_PUSH} -BUILD_CACHE := --cache-to type=registry,mode=max,ref=kubestack/framework-dev:buildcache-${DOCKER_TARGET},push=${DOCKER_PUSH} +BUILD_CACHE := --cache-to type=registry,mode=max,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-${DOCKER_TARGET},push=${DOCKER_PUSH} else BUILD_PLATFORM := BUILD_OUTPUT := --output type=docker @@ -24,7 +24,7 @@ dist: --build-arg GIT_SHA=${GIT_SHA} \ --file oci/Dockerfile \ --output type=docker \ - --cache-from type=registry,ref=kubestack/framework-dev:buildcache-dist-helper \ + --cache-from type=registry,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-dist-helper \ ${BUILD_CACHE_DIST} \ --progress plain \ -t dist-helper:latest \ @@ -47,11 +47,11 @@ build: --build-arg GIT_SHA=${GIT_SHA} \ --file oci/Dockerfile \ ${BUILD_OUTPUT} \ - --cache-from type=registry,ref=kubestack/framework-dev:buildcache-${DOCKER_TARGET} \ + --cache-from type=registry,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-${DOCKER_TARGET} \ ${BUILD_CACHE} \ --progress plain \ --target ${DOCKER_TARGET} \ - -t kubestack/framework-dev:test-$(GIT_SHA)-${DOCKER_TARGET} \ + -t ghcr.io/kbst/terraform-kubestack/dev:test-$(GIT_SHA)-${DOCKER_TARGET} \ . validate: .init @@ -97,7 +97,7 @@ shell: .check-container -e KBST_AUTH_GCLOUD \ -e HOME=/infra/tests/.user \ --workdir /infra/tests \ - kubestack/framework-dev:test-$(GIT_SHA)-${DOCKER_TARGET} \ + ghcr.io/kbst/terraform-kubestack/dev:test-$(GIT_SHA)-${DOCKER_TARGET} \ sleep infinity .stop-container: diff --git a/quickstart/build_artifacts/dist.py b/quickstart/build_artifacts/dist.py index b216755..c427822 100755 --- a/quickstart/build_artifacts/dist.py +++ b/quickstart/build_artifacts/dist.py @@ -7,9 +7,9 @@ from jinja2 import Environment, FileSystemLoader -SRCDIR = '../src' -DISTDIR = '../_dist' -ARTIFACT_PREFIX = 'kubestack-starter-' +SRCDIR = "../src" +DISTDIR = "../_dist" +ARTIFACT_PREFIX = "kubestack-starter-" def replace_template(dist_path, file_name, context): @@ -17,17 +17,17 @@ def replace_template(dist_path, file_name, context): template = jinja.get_template(file_name) data = template.render(context) - with open(f'{dist_path}/{file_name}', 'w') as f: + with open(f"{dist_path}/{file_name}", "w") as f: f.write(data) # always include newline at end of file - f.write('\n') + f.write("\n") def dist(version, image_name, configuration): - configuration_src = f'{SRCDIR}/configurations/{configuration}' - configuration_dist = f'{DISTDIR}/{ARTIFACT_PREFIX}{configuration}' - manifests_src = f'{SRCDIR}/manifests' - manifests_dist = f'{configuration_dist}/manifests' + configuration_src = f"{SRCDIR}/configurations/{configuration}" + configuration_dist = f"{DISTDIR}/{ARTIFACT_PREFIX}{configuration}" + manifests_src = f"{SRCDIR}/manifests" + manifests_dist = f"{configuration_dist}/manifests" # Clean DISTDIR if isdir(configuration_dist): @@ -38,37 +38,37 @@ def dist(version, image_name, configuration): copytree(manifests_src, manifests_dist) # Replace templated version variables in *.tf files - for tf_file in [n for n in listdir(configuration_dist) - if n.endswith('.tf')]: - replace_template(configuration_dist, tf_file, - {'version': version}) + for tf_file in [n for n in listdir(configuration_dist) if n.endswith(".tf")]: + replace_template(configuration_dist, tf_file, {"version": version}) # Replace templated variables in Dockerfiles - dockerfiles = ['Dockerfile', 'Dockerfile.loc'] + dockerfiles = ["Dockerfile", "Dockerfile.loc"] for dockerfile in dockerfiles: if exists(join(configuration_dist, dockerfile)): - replace_template(configuration_dist, - dockerfile, - {'image_name': image_name, 'image_tag': version}) + replace_template( + configuration_dist, + dockerfile, + {"image_name": image_name, "image_tag": version}, + ) def compress(version, configuration): - starter = f'{ARTIFACT_PREFIX}{configuration}' - archive = f'{DISTDIR}/{starter}-{version}' - make_archive(archive, 'zip', DISTDIR, starter) + starter = f"{ARTIFACT_PREFIX}{configuration}" + archive = f"{DISTDIR}/{starter}-{version}" + make_archive(archive, "zip", DISTDIR, starter) if __name__ == "__main__": # Use tag as version, fallback to commit sha - version = environ.get('GIT_SHA') + version = environ.get("GIT_SHA") # Non tagged images go to a different image repository - image_name = 'kubestack/framework-dev' + image_name = "ghcr.io/kbst/terraform-kubestack/dev" - gitref = environ.get('GIT_REF') - if gitref.startswith('refs/tags/'): - version = gitref.replace('refs/tags/', '') + gitref = environ.get("GIT_REF") + if gitref.startswith("refs/tags/"): + version = gitref.replace("refs/tags/", "") # Tagged releases go to main image repository - image_name = 'kubestack/framework' + image_name = "kubestack/framework" try: target = argv[1] @@ -76,8 +76,9 @@ def compress(version, configuration): print("positional arg: 'target' missing:") exit("usage dist.py [dist | compress]") - configurations = [n for n in listdir(f'{SRCDIR}/configurations') - if not n.startswith('_')] + configurations = [ + n for n in listdir(f"{SRCDIR}/configurations") if not n.startswith("_") + ] if target not in ["dist", "compress"]: exit("usage dist.py [dist | compress]")