Skip to content

🌱 publish docker images to GitHub Container Registry#1453

Merged
spencerschrock merged 2 commits intoossf:mainfrom
spencerschrock:ghcr
Nov 13, 2024
Merged

🌱 publish docker images to GitHub Container Registry#1453
spencerschrock merged 2 commits intoossf:mainfrom
spencerschrock:ghcr

Conversation

@spencerschrock
Copy link
Member

@spencerschrock spencerschrock commented Oct 7, 2024
edited
Loading

The goal is to use GHCR to replace Google Container Registry (GCR) for future Scorecard Action releases to reduce network egress costs. These workflows will build two types of images:

  1. Release images, which are tagged following a v1.2.3 pattern. These container images will be retained indefinitely.
  2. Per-commit images for each push to main. These images are used when testing the action, and will be removed after a week.

The workflow was primarily based on GitHub's example workflow. You can see this working in my fork:

  • A normal push to main, generating a latest image, with no attestation workflow
  • A tagged image, generating a release image, with an attestation. workflow
  • The cleanup workflow, deleting untagged images on schedule, or on dispatch.

@spencerschrock
publish docker images to GitHub Container Registry
c55135e 
The goal is to use GHCR to replace Google Container Registry (GCR) for
future versions of Scorecard Action releases. These workflows will build
two types of images:

  1. Release images, which are tagged following a v1.2.3 pattern. These
  container images will be retained indefinitely.
  2. Per-commit images for each push to main. These images are used when
     testing the action, and will be removed after a week.

Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock requested review from a team, justaugustus and naveensrinivasan and removed request for a team October 7, 2024 17:56
raghavkaul
raghavkaul reviewed Nov 13, 2024
View reviewed changes
Copy link

@raghavkaul raghavkaul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the network egress cost and why does it not apply with GHCR?

@spencerschrock
Copy link
Member Author

spencerschrock commented Nov 13, 2024

What is the network egress cost

When someone runs the action, it pulls our gcr.io image, which has pricing associated with it

General network usage applies for any data read from your Cloud Storage bucket that does not fall into one of the above categories or the Always Free usage limits. For example, general network usage applies when data moves from a Cloud Storage bucket to the Internet.

Monthly Usage Data transfer to Worldwide Destinations (excluding Asia & Australia)(per GB) Data transfer to Asia Destinations (excluding China, but including Hong Kong)(per GB) Data transfer to China Destinations (excluding Hong Kong)(per GB) Data transfer to Australia Destinations and Data transfer from Cloud Storage regions located in Australia(per GB) Inbound data transfer
0-1 TB $0.12 $0.12 $0.23 $0.19 Free
1-10 TB $0.11 $0.11 $0.22 $0.18 Free
10+ TB $0.08 $0.08 $0.20 $0.15 Free

why does it not apply with GHCR?

GHCR is free for public packages. And also has a section later on about GitHub Actions

All data transferred out, when triggered by GitHub Actions, and data transferred in from any source is free. We determine you are downloading packages using GitHub Actions when you log in to GitHub Packages using a GITHUB_TOKEN.

@spencerschrock spencerschrock enabled auto-merge (squash) November 13, 2024 17:03
@spencerschrock spencerschrock merged commit 3a26553 into ossf:main Nov 13, 2024
@spencerschrock spencerschrock deleted the ghcr branch November 13, 2024 17:07
spencerschrock added a commit to spencerschrock/scorecard-webapp that referenced this pull request Nov 13, 2024
@spencerschrock
allow ghcr docker image
eef6abb 
With the switch to GHCR we'll need to support both images for e2e testing.
Eventually we can remove the gcr.io case if needed.

ossf/scorecard-action#1453

Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock mentioned this pull request Nov 13, 2024
Merged
spencerschrock added a commit to ossf/scorecard-webapp that referenced this pull request Nov 13, 2024
@spencerschrock
allow ghcr docker image (#707)
7415c7a 
With the switch to GHCR we'll need to support both images for e2e testing.
Eventually we can remove the gcr.io case if needed.

ossf/scorecard-action#1453

Signed-off-by: Spencer Schrock <sschrock@google.com>
spencerschrock added a commit to ossf-tests/scorecard-action that referenced this pull request Nov 13, 2024
@spencerschrock
use GitHub Container Registry images for e2e tests
ba2309c 
ossf#1453
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock mentioned this pull request Nov 13, 2024
Merged
spencerschrock added a commit to ossf-tests/scorecard-action that referenced this pull request Nov 13, 2024
@spencerschrock
use GitHub Container Registry images for e2e tests (#12)
dc0f8da 
ossf#1453

Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock mentioned this pull request Dec 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@raghavkaul raghavkaul raghavkaul approved these changes

@naveensrinivasan naveensrinivasan Awaiting requested review from naveensrinivasan naveensrinivasan is a code owner automatically assigned from ossf/scorecard-maintainers

@justaugustus justaugustus Awaiting requested review from justaugustus justaugustus is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@spencerschrock @raghavkaul