[Feature Request] Publish rock to Github's Container Registry

[gruyaume]

OVERVIEW

First, good job on the project and the rockcraft-pack action, it' will definitely be useful.

As more people and teams are building rocks, we also have to publish them somewhere. One of the registries used to publish such container images is Github's container registry. Right now, this is a great place to publish container images as it is well integrated with Github where our code, CI and permissions are already managed. Here the ask is for a new action to publish the created rock to Github's container registry.

This action would fetch the artifact created by the rockcraft-pack action, login to ghcr.io, use skopeo to copy the file to docker-daemon and push it to ghcr.io.

Usage

In terms of API, this could look something like:

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - uses: canonical/craft-actions/rockcraft-publish-ghcr@main
        with: 
          artifact_name: rock
          image_name: banana
          image_version: 1.1.1
          organization: canonical

For this example, the action would have published the container image to ghcr.io/canonical/banana:1.1.1. image_name and image_version could default to values read from rockcraft.yaml and organization could default to canonical so that a minimal API could be:

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - uses: canonical/craft-actions/rockcraft-publish-ghcr@main
        with: 
          artifact_name: rock

Current state

Here's what I have to do right now to take the provided rock and publish it to ghcr.io:

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Log in to the Container registry
        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Install skopeo
        run: |
          sudo snap install --devmode --channel edge skopeo

      - name: Install yq
        run: |
          sudo snap install yq

      - uses: actions/download-artifact@v3
        with:
          name: rock

      - name: Import and push to github package
        run: |
          image_name="$(yq '.name' rockcraft.yaml)"
          version="$(yq '.version' rockcraft.yaml)"
          rock_file=$(ls *.rock | tail -n 1)
          sudo skopeo \
            --insecure-policy \
            copy \
            oci-archive:"${rock_file}" \
            docker-daemon:"ghcr.io/gruyaume/${image_name}:${version}"
          docker push ghcr.io/gruyaume/${image_name}:${version}

Reference

• https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry

[cjdcordeiro]

Thanks for putting this in @gruyaume .

I agree we should have something like this. I think the question is: who/what does that job? rockcraft should eventually have an upload operation (very much like snapcraft). Until then, there are existing public actions to simplify this workflow, like https://github.com/marketplace/actions/push-oci-archive-to-remote-registry and https://github.com/marketplace/actions/skopeo-copy-action. I wonder if we should already create that action, using standard tooling, as a placeholder for a future rockcraft upload/push...? @sergiusens wdyt?