From ed639b0185a7dbd641ef968493fc804b16e562ca Mon Sep 17 00:00:00 2001 From: Will Daly Date: Wed, 6 Nov 2024 09:38:15 -0800 Subject: [PATCH] feat: update github workflows to publish retina-shell image (#940) # Description Update GitHub workflows to publish retina-shell image. ## Related Issue https://github.com/microsoft/retina/issues/910 ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [x] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [x] I have followed the project's style guidelines. - [x] I have updated the documentation, if necessary. - [x] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed image ## Additional Notes N/A --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. Signed-off-by: Will Daly --- .github/workflows/images.yaml | 59 ++++++++++++++++++++++++--- .github/workflows/release-images.yaml | 49 +++++++++++++++++++++- 2 files changed, 101 insertions(+), 7 deletions(-) diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 0643d4b653..8c87667767 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -47,7 +47,7 @@ jobs: set -euo pipefail echo "TAG=$(make version)" >> $GITHUB_ENV if [ "$IS_MERGE_GROUP" == "true" ]; then - az acr login -n ${{ vars.ACR_NAME }} + az acr login -n ${{ vars.ACR_NAME }} make retina-image \ IMAGE_NAMESPACE=${{ github.repository }} \ PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \ @@ -148,7 +148,7 @@ jobs: set -euo pipefail echo "TAG=$(make version)" >> $GITHUB_ENV if [ "$IS_MERGE_GROUP" == "true" ]; then - az acr login -n ${{ vars.ACR_NAME }} + az acr login -n ${{ vars.ACR_NAME }} make retina-operator-image \ IMAGE_NAMESPACE=${{ github.repository }} \ PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \ @@ -162,15 +162,64 @@ jobs: env: IS_MERGE_GROUP: ${{ github.event_name == 'merge_group' }} + retina-shell-images: + name: Build Retina Shell Images + runs-on: ubuntu-latest + + strategy: + matrix: + platform: ["linux"] + arch: ["amd64", "arm64"] + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + - run: go version + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Az CLI login + uses: azure/login@v2 + if: ${{ github.event_name == 'merge_group' }} + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }} + + - name: Build Images + shell: bash + run: | + set -euo pipefail + echo "TAG=$(make version)" >> $GITHUB_ENV + if [ "$IS_MERGE_GROUP" == "true" ]; then + az acr login -n ${{ vars.ACR_NAME }} + make retina-shell-image \ + IMAGE_NAMESPACE=${{ github.repository }} \ + PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \ + IMAGE_REGISTRY=${{ vars.ACR_NAME }} \ + BUILDX_ACTION=--push + else + make retina-shell-image \ + IMAGE_NAMESPACE=${{ github.repository }} \ + PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} + fi + env: + IS_MERGE_GROUP: ${{ github.event_name == 'merge_group' }} + manifests: - if: ${{ github.event_name == 'merge_group' && success('retina-images') && success('retina-win-images') && success('operator-images')}} + if: ${{ github.event_name == 'merge_group' && success('retina-images') && success('retina-win-images') && success('operator-images') && success('retina-shell-images')}} name: Generate Manifests runs-on: ubuntu-latest - needs: [retina-images, retina-win-images, operator-images] + needs: [retina-images, retina-win-images, operator-images, retina-shell-images] strategy: matrix: - components: ["retina", "operator"] + components: ["retina", "operator", "shell"] steps: - name: Checkout code diff --git a/.github/workflows/release-images.yaml b/.github/workflows/release-images.yaml index baea20e924..06a7f1e507 100644 --- a/.github/workflows/release-images.yaml +++ b/.github/workflows/release-images.yaml @@ -150,14 +150,57 @@ jobs: cosign sign --yes ${IMAGE_PATH}@${DIGEST} done + retina-shell-images: + name: Build Retina Shell Images + runs-on: ubuntu-latest + + strategy: + matrix: + platform: ["linux"] + arch: ["amd64", "arm64"] + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + - run: go version + + - name: Install Cosign + uses: sigstore/cosign-installer@v3.7.0 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Log in to registry + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin + + - name: Build/Push Images + shell: bash + run: | + set -euo pipefail + echo "TAG=$(make version)" >> $GITHUB_ENV + make retina-shell-image \ + IMAGE_NAMESPACE=${{ github.repository }} \ + PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \ + BUILDX_ACTION=--push + + - name: Sign container image + run: | + IMAGE_PATH="ghcr.io/${{ github.repository }}/retina-shell:$TAG-${{ matrix.platform }}-${{ matrix.arch }}" + DIGEST=$(jq -r '.["containerimage.digest"]' image-metadata-retina-shell-$TAG-${{ matrix.platform }}-${{ matrix.arch }}.json) + cosign sign --yes ${IMAGE_PATH}@${DIGEST} + manifests: name: Generate Manifests runs-on: ubuntu-latest - needs: [retina-images, retina-win-images, operator-images] + needs: [retina-images, retina-win-images, operator-images, retina-shell-images] strategy: matrix: - component: ["retina", "operator"] + component: ["retina", "operator", "shell"] steps: - name: Checkout code @@ -186,6 +229,8 @@ jobs: images=("retina-agent" "retina-init") if [[ ${{ matrix.component }} == "operator" ]]; then images=("retina-operator") + elif [[ ${{ matrix.component }} == "shell" ]]; then + images=("retina-shell") fi for image in "${images[@]}"; do IMAGE_PATH="ghcr.io/${{ github.repository }}/$image:$TAG"