Fix runner container image

.github/workflows/ci-cd.yaml

@@ -64,7 +64,7 @@ jobs:
             runner/ansible/* runner/ansible/roles/* \
             runner/ansible/roles/checks/* runner/ansible/vars/*
 
-  build:
+  build-static-binary:
     runs-on: ubuntu-20.04
     needs: test
     steps:
@@ -110,8 +110,7 @@ jobs:
           path: build/trento-amd64.tgz
 
   release-rolling:
-    name: "submit-pre-release"
-    needs: build
+    needs: build-static-binary
     if: (github.event_name == 'push' && github.ref == 'refs/heads/main')
     runs-on: "ubuntu-latest"
     steps:
@@ -123,20 +122,35 @@ jobs:
           repo_token: "${{ secrets.GITHUB_TOKEN }}"
           automatic_release_tag: "rolling"
           prerelease: true
-          title: "Development Build"
+          title: "Cutting Edge"
           files: |
             trento-amd64.tgz
             trento-arm64.tgz
             trento-ppc64le.tgz
             trento-s390x.tgz
 
-  install-server:
+  # This job doesn't actually make release, but rather reacts to a manual one, made via the GitHub UI.
+  # In the future, we might want to reuse the same mechanism of the rolling ones to automate everything here as well.
+  release-tag:
+    needs: build-static-binary
+    if: github.event.release
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/download-artifact@v2
+        with:
+          name: trento-binaries
+      - uses: AButler/upload-release-assets@v2.0
+        with:
+          files: "trento-*"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+  deploy-server:
     runs-on: [ self-hosted, trento-gh-runner ]
-    needs: build-and-push-image
+    needs: build-and-push-container-images
     if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch'
     environment: AZURE_DEMO
     env:
-      TRENTO_SERVER_HOST: ${{ secrets.TRENTO_SERVER_HOST }}      
+      TRENTO_SERVER_HOST: ${{ secrets.TRENTO_SERVER_HOST }}
       TRENTO_USER: ${{ secrets.TRENTO_USER }}
     steps:
       - uses: actions/checkout@v2
@@ -153,10 +167,10 @@ jobs:
 
   deploy-agents:
     runs-on: [ self-hosted, trento-gh-runner ]
-    needs: [ install-server, release-rolling ]
+    needs: [ deploy-server, release-rolling ]
     if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch'
     environment: AZURE_DEMO
-    env:      
+    env:
       TRENTO_AGENT_HOSTS: ${{ secrets.TRENTO_AGENT_HOSTS }}
       TRENTO_USER: ${{ secrets.TRENTO_USER }}
       TRENTO_SERVER_HOST: ${{ secrets.TRENTO_SERVER_HOST }}
@@ -171,25 +185,17 @@ jobs:
             ssh "$TRENTO_USER@$target_host" "sudo systemctl enable --now trento-agent.service"
           done
 
-  upload-release-assets:
-    needs: build
-    if: github.event.release
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/download-artifact@v2
-        with:
-          name: trento-binaries
-      - uses: AButler/upload-release-assets@v2.0
-        with:
-          files: "trento-*"
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-
-  build-and-push-image:
+  build-and-push-container-images:
     needs: test
     if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
+    strategy:
+      matrix:
+        image-target:
+          - trento-web
+          - trento-runner
     env:
       REGISTRY: ghcr.io
-      IMAGE_NAME: ${{ github.repository }}
+      IMAGE_REPOSITORY: ghcr.io/${{ github.repository_owner }}/${{ matrix.image-target }}
       IMAGE_TAG: "${{ github.event_name == 'release' && github.event.release.tag_name || 'rolling' }}"
     runs-on: ubuntu-latest
     permissions:
@@ -207,24 +213,23 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+          images: ${{ env.IMAGE_REPOSITORY }}
+      - name: Build and push container image
+        uses: docker/build-push-action@v2
         with:
           context: .
           push: true
-          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+          target: ${{ matrix.image-target }}
+          tags: ${{ env.IMAGE_REPOSITORY }}:${{ env.IMAGE_TAG }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-  commit-obs:
+  obs-commit:
     needs: test
     runs-on: ubuntu-18.04
     if: github.ref == 'refs/heads/main'
@@ -257,8 +262,8 @@ jobs:
     - name: commit changes into OBS
       run: cp $FOLDER/_service . && /scripts/upload.sh
 
-  submit-obs:
-    needs: commit-obs
+  obs-submit:
+    needs: obs-commit
     runs-on: ubuntu-18.04
     if: github.event.release
     container:

Dockerfile

@@ -8,18 +8,23 @@ COPY --from=node-build /build /build
 WORKDIR /build
 RUN make build
 
-FROM python:3.7-slim AS python-build
-RUN ln -s /usr/local/bin/python /usr/bin/python
-RUN /usr/bin/python -m venv /venv
-RUN /venv/bin/pip install ansible ara
+FROM python:3.7-slim AS trento-runner
+RUN ln -s /usr/local/bin/python /usr/bin/python \
+    && /usr/bin/python -m venv /venv \
+    && /venv/bin/pip install ansible ara \
+    && apt-get update && apt-get install -y --no-install-recommends \
+      ssh \
+    && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+    && rm -rf /var/lib/apt/lists/*
 
-FROM gcr.io/distroless/python3:debug
-COPY --from=python-build /venv /venv
 ENV PATH="/venv/bin:$PATH"
 ENV PYTHONPATH=/venv/lib/python3.7/site-packages
 COPY --from=go-build /build/trento /app/trento
+LABEL org.opencontainers.image.source="https://github.com/trento-project/trento"
+ENTRYPOINT ["/app/trento"]
 
-LABEL org.opencontainers.image.source https://github.com/trento-project/trento
-
+FROM gcr.io/distroless/base:debug AS trento-web
+COPY --from=go-build /build/trento /app/trento
+LABEL org.opencontainers.image.source="https://github.com/trento-project/trento"
 EXPOSE 8080/tcp
 ENTRYPOINT ["/app/trento"]

install-server.sh

@@ -4,7 +4,7 @@ set -e
 
 readonly ARGS=( "$@" )
 readonly PROGNAME="./install-server.sh"
-readonly TRENTO_VERSION="0.4.0"
+TRENTO_VERSION="0.4.0"
 
 usage() {
     cat <<- EOF
@@ -31,16 +31,16 @@ cmdline() {
         case "$arg" in
             --private-key)  args="${args}-p ";;
             --rolling)      args="${args}-r ";;
-            --help)         args="${args}-h ";;            
-            
+            --help)         args="${args}-h ";;
+
             # pass through anything else
             *) [[ "${arg:0:1}" == "-" ]] || delim="\""
             args="${args}${delim}${arg}${delim} ";;
         esac
     done
-    
+
     eval set -- "$args"
-    
+
     while getopts "p:rh" OPTION
     do
         case $OPTION in
@@ -65,6 +65,10 @@ cmdline() {
         read -rp "Please provide the path of the runner private key: " PRIVATE_KEY </dev/tty
     fi
 
+    if [[ "$ROLLING" == "true" ]]; then
+      TRENTO_VERSION="rolling"
+    fi
+
     return 0
 }
 
@@ -105,31 +109,22 @@ update_helm_dependencies() {
 install_trento_server_chart() {
     local repo_owner=${TRENTO_REPO_OWNER:-"trento-project"}
     local private_key=${PRIVATE_KEY:-"./id_rsa_runner"}
-    local image_tag=${IMAGE_TAG:-""}
-    local rolling=${ROLLING:-false}
-    local trento_packages_url="https://github.com/${repo_owner}/trento/archive/refs/tags"
     local trento_source_zip="${TRENTO_VERSION}"
-
-    if [[ "$rolling" == "true" ]]; then
-        image_tag="rolling"        
-        trento_source_zip="rolling"
-    fi
+    local trento_packages_url="https://github.com/${repo_owner}/trento/archive/refs/tags"
 
     echo "Installing trento-server chart..."
     pushd -- /tmp >/dev/null
     curl -f -sS -O -L "${trento_packages_url}/${trento_source_zip}.zip" >/dev/null
     unzip -o "${trento_source_zip}.zip" >/dev/null
     rm ${trento_source_zip}.zip
     popd >/dev/null
-    
-    pushd -- /tmp/trento-"${trento_source_zip}"/packaging/helm/trento-server >/dev/null 
+
+    pushd -- /tmp/trento-"${trento_source_zip}"/packaging/helm/trento-server >/dev/null
     helm dep update >/dev/null
     helm upgrade --install trento-server . \
         --set-file trento-runner.privateKey="${private_key}" \
-        --set trento-web.image.tag="${image_tag}" \
-        --set trento-runner.image.tag="${image_tag}" \
-        --set trento-web.image.pullPolicy="Always" \
-        --set trento-runner.image.pullPolicy="Always"
+        --set trento-web.image.tag="${TRENTO_VERSION}" \
+        --set trento-runner.image.tag="${TRENTO_VERSION}"
     rm -rf /tmp/trento-"${trento_source_zip}"
     popd >/dev/null
 }
@@ -142,4 +137,4 @@ main() {
     update_helm_dependencies
     install_trento_server_chart
 }
-main
+main

packaging/helm/trento-server/Chart.yaml

@@ -19,4 +19,4 @@ dependencies:
   - name: consul
     version: "~0.32.1"
     repository: https://helm.releases.hashicorp.com
-    condition: consul.enabled
+    condition: consul.enabled

packaging/helm/trento-server/charts/trento-runner/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: trento-runner
-description: Trento runner chart
+description: Trento Runner Chart
 
 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -15,10 +15,4 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "0.4.0"
+version: 0.2.0

packaging/helm/trento-server/charts/trento-runner/templates/deployment.yaml

@@ -43,7 +43,7 @@ spec:
               value:
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}

packaging/helm/trento-server/charts/trento-runner/values.yaml

@@ -7,10 +7,9 @@ replicaCount: 1
 privateKey: ""
 
 image:
-  repository: ghcr.io/trento-project/trento
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
+  repository: ghcr.io/trento-project/trento-runner
+  pullPolicy: Always
+  tag: "rolling"
 
 imagePullSecrets: []
 nameOverride: ""
@@ -38,10 +37,6 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
-service:
-  type: ClusterIP
-  port: 80
-
 ingress:
   enabled: false
   className: ""
@@ -81,4 +76,4 @@ nodeSelector: {}
 
 tolerations: []
 
-affinity: {}
+affinity: {}

packaging/helm/trento-server/charts/trento-web/Chart.yaml

@@ -15,10 +15,4 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "0.4.0"
+version: 0.2.0

packaging/helm/trento-server/charts/trento-web/templates/deployment.yaml

@@ -41,7 +41,7 @@ spec:
               value: {{ .Release.Name }}-consul-server:8500
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http

packaging/helm/trento-server/charts/trento-web/values.yaml

@@ -3,12 +3,11 @@
 # Declare variables to be passed into your templates.
 
 replicaCount: 1
-  
+
 image:
-  repository: ghcr.io/trento-project/trento
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
+  repository: ghcr.io/trento-project/trento-web
+  pullPolicy: Always
+  tag: "rolling"
 
 imagePullSecrets: []
 nameOverride: ""