From ad5ba69a0fc613862e29f83038e29bfb1f6c5010 Mon Sep 17 00:00:00 2001 From: Evyatar Meged Date: Thu, 11 May 2023 14:16:18 +0300 Subject: [PATCH] Moving to GCR (#179) --- .github/workflows/build.yaml | 46 ++++++++++---------------- .github/workflows/netpol-e2e-test.yaml | 33 ++++++++---------- .github/workflows/release-tag.yaml | 17 ++++------ 3 files changed, 36 insertions(+), 60 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index fce320f73..f00aa1874 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -13,8 +13,7 @@ on: - main env: - REGISTRY: 353146681200.dkr.ecr.us-east-1.amazonaws.com - REPOSITORY_NAME: otterize + REGISTRY: us-central1-docker.pkg.dev/main-383408/otterize jobs: build: @@ -38,17 +37,12 @@ jobs: with: driver-opts: network=host - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + - name: Login to GCR + uses: docker/login-action@v2 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - + registry: ${{ env.REGISTRY }} + username: _json_key_base64 + password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON}} - name: Login to DockerHub uses: docker/login-action@v1 with: @@ -60,7 +54,7 @@ jobs: with: context: src/ file: src/${{ matrix.service }}.Dockerfile - tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.service }}-${{ github.sha }} + tags: ${{ env.REGISTRY }}/${{ matrix.service }}:${{ github.sha }} push: true network: host cache-from: type=gha 
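Review bot: The `Login to GCR` step added in the `@@ -38,17 +37,12 @@` hunk authenticates with an exported service-account key (`username: _json_key_base64` plus `secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON`), so one long-lived credential is swapped for another; the same step is added in netpol-e2e-test.yaml and release-tag.yaml. `google-github-actions/auth`, which this commit already uses in the retag job, supports keyless auth through `workload_identity_provider` and `service_account` with `permissions: id-token: write`, and its access token can be passed to `docker/login-action` with `username: oauth2accesstoken`. If the key has to stay, record its scope and rotation next to the step, e.g. `# SA key scope: <role> on <repository>; rotation: <interval>`. `docker/login-action@v2` is a mutable tag; pinning the action to a full commit SHA keeps a moved tag from running with this secret.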
@@ -72,11 +66,11 @@ jobs: # Must pass the secrets as the called workflow does not have access to the same context secrets: OTTERIZEBOT_GITHUB_TOKEN: ${{ secrets.OTTERIZEBOT_GITHUB_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + B64_GCLOUD_SERVICE_ACCOUNT_JSON: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }} + with: - operator-tag: intents-operator-${{ github.sha }} - watcher-tag: watcher-${{ github.sha }} + operator-tag: ${{ github.sha }} + watcher-tag: ${{ github.sha }} needs: - build 
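Review bot: The called e2e workflow receives more privilege than it appears to need: it is handed `B64_GCLOUD_SERVICE_ACCOUNT_JSON`, the same key the `build` job logs in with before `push: true`, while the e2e steps visible in this patch only run `docker pull` on the two images. If that key can write to the registry, anything running in the test job can too; a separate read-only secret for the called workflow would keep push rights inside `build`. The blank line added between the `secrets:` map and `with:` can be dropped, and since `operator-tag` and `watcher-tag` are now both `${{ github.sha }}`, a comment such as `# both images are tagged with the commit SHA` would explain the duplicate inputs.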
@@ -93,23 +87,17 @@ jobs: - name: Checkout uses: actions/checkout@v2 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + - name: GCP auth + uses: 'google-github-actions/auth@v1' with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 + credentials_json: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }} - - id: install-aws-cli - uses: unfor19/install-aws-cli-action@v1 + - name: Set up Cloud SDK + uses: 'google-github-actions/setup-gcloud@v1' # Push the Docker image to AWS ECR - name: Tag Images as latest run: |- - retag_image_as_latest() { MANIFEST=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag="$1-${{ github.sha }}" --query "images[].imageManifest" --output text); if [ -z "$MANIFEST" ]; then echo Manifest not found; exit 1; fi; OUTPUT=$(aws ecr put-image --repository-name ${{ env.REPOSITORY_NAME }} --image-tag "$1-latest" --image-manifest "$MANIFEST" 2>&1 || true); if echo $OUTPUT | grep 'An error occurred' >/dev/null && ! echo $OUTPUT | grep ImageAlreadyExistsException >/dev/null; then echo $OUTPUT; exit 1; fi; } + retag_image_as_latest() { if [[ $(gcloud container images add-tag "${{ env.REGISTRY }}/$1:${{ github.sha }}" "${{ env.REGISTRY }}/$1:latest" --quiet) ]]; then echo "Failed tagging $1 as latest"; exit 1; fi } # using --quiet to avoid prompt retag_image_as_latest intents-operator retag_image_as_latest watcher diff --git a/.github/workflows/netpol-e2e-test.yaml b/.github/workflows/netpol-e2e-test.yaml index 5a70088b4..458945da6 100644 --- a/.github/workflows/netpol-e2e-test.yaml +++ b/.github/workflows/netpol-e2e-test.yaml 
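Review bot: `retag_image_as_latest` cannot detect a failed retag: `[[ $(gcloud … --quiet) ]]` tests whether the command printed anything to stdout, not its exit status, and a failure inside a command substitution used as an `if` condition is not caught by an errexit shell either. As written, the step fails only when gcloud prints to stdout and passes otherwise, so `latest` can silently stay on an older image. Test the exit status instead: `if ! gcloud container images add-tag "${{ env.REGISTRY }}/$1:${{ github.sha }}" "${{ env.REGISTRY }}/$1:latest" --quiet; then echo "Failed tagging $1 as latest"; exit 1; fi`. The context comment `# Push the Docker image to AWS ECR` is now stale, and `credentials_json` is fed a secret whose name says it is base64-encoded, so it is worth confirming that `google-github-actions/auth@v1` accepts that form.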
@@ -6,9 +6,7 @@ on: secrets: OTTERIZEBOT_GITHUB_TOKEN: required: true - AWS_ACCESS_KEY_ID: - required: true - AWS_SECRET_ACCESS_KEY: + B64_GCLOUD_SERVICE_ACCOUNT_JSON: required: true inputs: @@ -21,8 +19,7 @@ on: env: - REGISTRY: 353146681200.dkr.ecr.us-east-1.amazonaws.com - REPOSITORY_NAME: otterize + REGISTRY: us-central1-docker.pkg.dev/main-383408/otterize jobs: @@ -36,16 +33,12 @@ jobs: submodules: recursive token: ${{ secrets.OTTERIZEBOT_GITHUB_TOKEN }} # required for checking out submodules - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + - name: Login to GCR + uses: docker/login-action@v2 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 + registry: ${{ env.REGISTRY }} + username: _json_key_base64 + password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON}} - name: Set up Helm uses: azure/setup-helm@v3 
@@ -63,13 +56,13 @@ jobs: - name: Install Otterize run: |- - docker pull ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ inputs.operator-tag }} - minikube image load ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ inputs.operator-tag }} - docker pull ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ inputs.watcher-tag }} - minikube image load ${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ inputs.watcher-tag }} + docker pull ${{ env.REGISTRY }}/intents-operator:${{ inputs.operator-tag }} + minikube image load ${{ env.REGISTRY }}/intents-operator:${{ inputs.operator-tag }} + docker pull ${{ env.REGISTRY }}/watcher:${{ inputs.watcher-tag }} + minikube image load ${{ env.REGISTRY }}/watcher:${{ inputs.watcher-tag }} - OPERATOR_FLAGS="--set-string intentsOperator.operator.repository=${{ env.REGISTRY }} --set-string intentsOperator.operator.image=${{ env.REPOSITORY_NAME }} --set-string intentsOperator.operator.tag=${{ inputs.operator-tag }} --set-string intentsOperator.operator.pullPolicy=Never" - WATCHER_FLAGS="--set-string intentsOperator.watcher.repository=${{ env.REGISTRY }} --set-string intentsOperator.watcher.image=${{ env.REPOSITORY_NAME }} --set-string intentsOperator.watcher.tag=${{ inputs.watcher-tag }} --set-string intentsOperator.watcher.pullPolicy=Never" + OPERATOR_FLAGS="--set-string intentsOperator.operator.repository=${{ env.REGISTRY }} --set-string intentsOperator.operator.image=intents-operator --set-string intentsOperator.operator.tag=${{ inputs.operator-tag }} --set-string intentsOperator.operator.pullPolicy=Never" + WATCHER_FLAGS="--set-string intentsOperator.watcher.repository=${{ env.REGISTRY }} --set-string intentsOperator.watcher.image=watcher --set-string intentsOperator.watcher.tag=${{ inputs.watcher-tag }} --set-string intentsOperator.watcher.pullPolicy=Never" helm dep up ./helm-charts/otterize-kubernetes helm install otterize ./helm-charts/otterize-kubernetes -n otterize-system --create-namespace $OPERATOR_FLAGS $WATCHER_FLAGS 
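Review bot: `${{ inputs.operator-tag }}` and `${{ inputs.watcher-tag }}` are expanded into the script text of `Install Otterize` before bash parses it, so a tag value containing shell metacharacters would be interpreted as code in a job that holds the registry login. The only caller visible in this patch passes `${{ github.sha }}`, so this is hardening rather than a live bug, but a reusable workflow should not depend on its callers for that. Bind the inputs under the step's `env:` (`OPERATOR_TAG: ${{ inputs.operator-tag }}`, likewise for the watcher tag) and use quoted shell variables, e.g. `docker pull "$REGISTRY/intents-operator:$OPERATOR_TAG"`. The step's `run:` block may continue past the end of this hunk.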
diff --git a/.github/workflows/release-tag.yaml b/.github/workflows/release-tag.yaml index 4e159f7ef..9baede9c2 100644 --- a/.github/workflows/release-tag.yaml +++ b/.github/workflows/release-tag.yaml @@ -8,8 +8,7 @@ on: - published env: - REGISTRY: 353146681200.dkr.ecr.us-east-1.amazonaws.com/otterize - REPOSITORY_NAME: otterize + REGISTRY: us-central1-docker.pkg.dev/main-383408/otterize jobs: push-dockerhub: @@ -20,16 +19,12 @@ jobs: - name: Checkout uses: actions/checkout@v2 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + - name: Login to GCR + uses: docker/login-action@v2 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 + registry: ${{ env.REGISTRY }} + username: _json_key_base64 + password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON}} - name: Login to DockerHub uses: docker/login-action@v1