Moving to GCR (#179)

otterize · May 11, 2023 · ad5ba69 · ad5ba69
1 parent 226e535
commit ad5ba69
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 60 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -13,8 +13,7 @@ on:
       - main
 
 env:
-  REGISTRY: 353146681200.dkr.ecr.us-east-1.amazonaws.com
-  REPOSITORY_NAME: otterize
+  REGISTRY: us-central1-docker.pkg.dev/main-383408/otterize
 
 jobs:
   build:
@@ -38,17 +37,12 @@ jobs:
         with:
           driver-opts: network=host
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
+      - name: Login to GCR
+        uses: docker/login-action@v2
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-1
-
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
-
+          registry: ${{ env.REGISTRY }}
+          username: _json_key_base64
+          password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON}}
       - name: Login to DockerHub
         uses: docker/login-action@v1
         with:
@@ -60,7 +54,7 @@ jobs:
         with:
           context: src/
           file: src/${{ matrix.service }}.Dockerfile
-          tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.service }}-${{ github.sha }}
+          tags: ${{ env.REGISTRY }}/${{ matrix.service }}:${{ github.sha }}
           push: true
           network: host
           cache-from: type=gha
@@ -72,11 +66,11 @@ jobs:
     # Must pass the secrets as the called workflow does not have access to the same context
     secrets:
       OTTERIZEBOT_GITHUB_TOKEN: ${{ secrets.OTTERIZEBOT_GITHUB_TOKEN }}
-      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      B64_GCLOUD_SERVICE_ACCOUNT_JSON: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }}
+
     with:
-      operator-tag: intents-operator-${{ github.sha }}
-      watcher-tag: watcher-${{ github.sha }}
+      operator-tag: ${{ github.sha }}
+      watcher-tag: ${{ github.sha }}
 
     needs:
       - build
@@ -93,23 +87,17 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v2
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
+      - name: GCP auth
+        uses: 'google-github-actions/auth@v1'
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-1
-
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
+          credentials_json: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }}
 
-      - id: install-aws-cli
-        uses: unfor19/install-aws-cli-action@v1
+      - name: Set up Cloud SDK
+        uses: 'google-github-actions/setup-gcloud@v1'
 
       # Push the Docker image to AWS ECR
       - name: Tag Images as latest
         run: |-
-          retag_image_as_latest() { MANIFEST=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag="$1-${{ github.sha }}" --query "images[].imageManifest" --output text); if [ -z "$MANIFEST" ]; then echo Manifest not found; exit 1; fi; OUTPUT=$(aws ecr put-image --repository-name ${{ env.REPOSITORY_NAME }} --image-tag "$1-latest" --image-manifest "$MANIFEST" 2>&1 || true); if echo $OUTPUT | grep 'An error occurred' >/dev/null && ! echo $OUTPUT | grep ImageAlreadyExistsException >/dev/null; then echo $OUTPUT; exit 1; fi; }
+          retag_image_as_latest() { if [[ $(gcloud container images add-tag "${{ env.REGISTRY }}/$1:${{ github.sha }}" "${{ env.REGISTRY }}/$1:latest" --quiet) ]]; then echo "Failed tagging $1 as latest"; exit 1; fi } # using --quiet to avoid prompt
           retag_image_as_latest intents-operator
           retag_image_as_latest watcher
diff --git a/.github/workflows/netpol-e2e-test.yaml b/.github/workflows/netpol-e2e-test.yaml
@@ -6,9 +6,7 @@ on:
     secrets:
       OTTERIZEBOT_GITHUB_TOKEN:
         required: true
-      AWS_ACCESS_KEY_ID:
-        required: true
-      AWS_SECRET_ACCESS_KEY:
+      B64_GCLOUD_SERVICE_ACCOUNT_JSON:
         required: true
 
     inputs:
@@ -21,8 +19,7 @@ on:
 
 
 env:
-  REGISTRY: 353146681200.dkr.ecr.us-east-1.amazonaws.com
-  REPOSITORY_NAME: otterize
+  REGISTRY: us-central1-docker.pkg.dev/main-383408/otterize
 
 
 jobs:
@@ -36,16 +33,12 @@ jobs:
           submodules: recursive
           token: ${{ secrets.OTTERIZEBOT_GITHUB_TOKEN }} # required for checking out submodules
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
+      - name: Login to GCR
+        uses: docker/login-action@v2
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-1
-
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
+          registry: ${{ env.REGISTRY }}
+          username: _json_key_base64
+          password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON}}
 
       - name: Set up Helm
         uses: azure/setup-helm@v3
@@ -63,13 +56,13 @@ jobs:
 
       - name: Install Otterize
         run: |-
-          docker pull ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ inputs.operator-tag }}
-          minikube image load ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ inputs.operator-tag }}
-          docker pull ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ inputs.watcher-tag }}
-          minikube image load  ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ inputs.watcher-tag }}
+          docker pull ${{ env.REGISTRY }}/intents-operator:${{ inputs.operator-tag }}
+          minikube image load ${{ env.REGISTRY }}/intents-operator:${{ inputs.operator-tag }}
+          docker pull ${{ env.REGISTRY }}/watcher:${{ inputs.watcher-tag }}
+          minikube image load  ${{ env.REGISTRY }}/watcher:${{ inputs.watcher-tag }}
           
-          OPERATOR_FLAGS="--set-string intentsOperator.operator.repository=${{ env.REGISTRY }} --set-string intentsOperator.operator.image=${{ env.REPOSITORY_NAME }} --set-string intentsOperator.operator.tag=${{ inputs.operator-tag }} --set-string intentsOperator.operator.pullPolicy=Never"
-          WATCHER_FLAGS="--set-string intentsOperator.watcher.repository=${{ env.REGISTRY }} --set-string intentsOperator.watcher.image=${{ env.REPOSITORY_NAME }} --set-string intentsOperator.watcher.tag=${{ inputs.watcher-tag }} --set-string intentsOperator.watcher.pullPolicy=Never"
+          OPERATOR_FLAGS="--set-string intentsOperator.operator.repository=${{ env.REGISTRY }} --set-string intentsOperator.operator.image=intents-operator --set-string intentsOperator.operator.tag=${{ inputs.operator-tag }} --set-string intentsOperator.operator.pullPolicy=Never"
+          WATCHER_FLAGS="--set-string intentsOperator.watcher.repository=${{ env.REGISTRY }} --set-string intentsOperator.watcher.image=watcher --set-string intentsOperator.watcher.tag=${{ inputs.watcher-tag }} --set-string intentsOperator.watcher.pullPolicy=Never"
           helm dep up ./helm-charts/otterize-kubernetes
           helm install otterize ./helm-charts/otterize-kubernetes -n otterize-system --create-namespace $OPERATOR_FLAGS $WATCHER_FLAGS
 

diff --git a/.github/workflows/release-tag.yaml b/.github/workflows/release-tag.yaml
@@ -8,8 +8,7 @@ on:
       - published
 
 env:
-  REGISTRY: 353146681200.dkr.ecr.us-east-1.amazonaws.com/otterize
-  REPOSITORY_NAME: otterize
+  REGISTRY: us-central1-docker.pkg.dev/main-383408/otterize
 
 jobs:
   push-dockerhub:
@@ -20,16 +19,12 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v2
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
+      - name: Login to GCR
+        uses: docker/login-action@v2
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-1
-
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
+          registry: ${{ env.REGISTRY }}
+          username: _json_key_base64
+          password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON}}
 
       - name: Login to DockerHub
         uses: docker/login-action@v1