Migrate to ghcr.io (#683)

* Push cke image to ghcr.io Signed-off-by: Masayuki Ishii <[email protected]> * Use gh command Signed-off-by: Masayuki Ishii <[email protected]> * Use ghcr containers Signed-off-by: Masayuki Ishii <[email protected]> * Use ghcr containers for test Signed-off-by: Masayuki Ishii <[email protected]> * Push branch tag * Fix image name --------- Signed-off-by: Masayuki Ishii <[email protected]>
cybozu-go · Dec 11, 2023 · 3924719 · 3924719
1 parent 9a55708
commit 3924719
Show file tree

Hide file tree

Showing 20 changed files with 68 additions and 57 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -20,7 +20,7 @@ jobs:
       - run: docker run -d --network host gcr.io/etcd-development/etcd:v3.5.10
       - run: make test
       - run: make install GOBIN=$(pwd)/docker
-      - run: docker build -t quay.io/cybozu/cke:latest ./docker
+      - run: docker build -t ghcr.io/cybozu-go/cke:latest ./docker
   mtest:
     name: Mtest
     runs-on: ubuntu-22.04
@@ -108,7 +108,7 @@ jobs:
       - name: Check image consistency
         run: |
           REV=$(awk '/const Version/ {print $4}' ../version.go | sed -E 's/^"(1.[[:digit:]]+).*/\1/')
-          COMPOSE_REV=$(sed -nE 's,.*quay.io/cybozu/cke:(.*)$,\1,p' docker-compose.yml)
+          COMPOSE_REV=$(sed -nE 's,.*ghcr.io/cybozu-go/cke:(.*)$,\1,p' docker-compose.yml)
           if [ "$REV" != "$COMPOSE_REV" ]; then
               echo Update CKE branch tag in example/docker-compose.yml
           fi

diff --git a/.github/workflows/release-images.yaml b/.github/workflows/release-images.yaml
@@ -4,7 +4,6 @@ on:
     tags:
       - 'v*'
 env:
-  tag: ${GITHUB_REF#refs/tags/v}
   prerelease: ${{ contains(github.ref, '-') }}
 jobs:
   sonobuoy:
@@ -47,45 +46,57 @@ jobs:
         with:
           go-version-file: go.mod
       - run: make install GOBIN=$(pwd)/docker
-      - run: docker build -t quay.io/cybozu/cke:latest ./docker
-      - name: Push docker image to Quay.io
-        run: |
-          echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USER }} --password-stdin quay.io
-          echo "pushing CKE image ..."
-          docker tag quay.io/cybozu/cke:latest quay.io/cybozu/cke:${{ env.tag }}
-          docker push quay.io/cybozu/cke:${{ env.tag }}
-          if ${{ env.prerelease }} ; then
-              echo ===== Skip pushing branch tags for pre-release ${{ env.tag }} =====
-              exit 0
-          fi
-          BRANCH=$(echo ${{ env.tag }} | cut -d "." -f 1-2)
-          docker tag quay.io/cybozu/cke:latest quay.io/cybozu/cke:$BRANCH
-          docker push quay.io/cybozu/cke:$BRANCH
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          flavor: |
+            latest=false
+          images: |
+            ghcr.io/${{ github.repository_owner }}/cke
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}},enable=${{ env.prerelease == 'false' }}
+      - name: Log in to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and Push cke
+        uses: docker/build-push-action@v5
+        with:
+          context: ./docker
+          push: true
+          platforms: linux/amd64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
   release-github:
     name: Release on GitHub
     runs-on: ubuntu-22.04
-    container:
-      image: quay.io/cybozu/golang:1.20-jammy
     needs: release-cke-image
     steps:
       - uses: actions/checkout@v4
       - name: Download sonobuoy test
         uses: actions/download-artifact@v3
         with:
           name: sonobuoy-test
+      - name: Extract tag
+        id: extract-tag
+        run: echo "tag=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
       - name: Prepare files
         run: |
           mkdir /tmp/upload
           cp ./sonobuoy.tar.gz /tmp/upload
           tar xzf ./sonobuoy.tar.gz -C /tmp/upload --strip-components=4 plugins/e2e/results/global/e2e.log plugins/e2e/results/global/junit_01.xml
-          sed "s/vX\.Y\.Z/v${{ env.tag }}/" sonobuoy/README.md > /tmp/upload/README.md
-          sed "s/vX\.Y\.Z/v${{ env.tag }}/" sonobuoy/PRODUCT.yaml > /tmp/upload/PRODUCT.yaml
+          sed "s/vX\.Y\.Z/v${{ steps.extract-tag.outputs.tag }}/" sonobuoy/README.md > /tmp/upload/README.md
+          sed "s/vX\.Y\.Z/v${{ steps.extract-tag.outputs.tag }}/" sonobuoy/PRODUCT.yaml > /tmp/upload/PRODUCT.yaml
           GOBIN=/tmp/upload CGO_ENABLED=0 go install -buildvcs=false ./pkg/cke ./pkg/ckecli
       - name: Create release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          OWNER=$(echo ${{ github.repository }} | cut -d '/' -f 1)
-          REPOSITORY=$(echo ${{ github.repository }} | cut -d '/' -f 2)
           if ${{ env.prerelease }}; then
-            PRERELEASE="-prerelease"
+            PRERELEASE="--prerelease"
           fi
-          ghr -t ${{ secrets.GITHUB_TOKEN }} -u ${OWNER} -r ${REPOSITORY} -n v${{ env.tag }} ${PRERELEASE} -b "See [CHANGELOG.md](./CHANGELOG.md) for details." v${{ env.tag }} /tmp/upload/
+          gh release create v${{ steps.extract-tag.outputs.tag }} ${PRERELEASE} -t v${{ steps.extract-tag.outputs.tag }}  -n "See [CHANGELOG.md](./CHANGELOG.md) for details." /tmp/upload/*
diff --git a/README.md b/README.md
@@ -133,7 +133,7 @@ Usage
 ```console
 $ docker run -d --read-only \
     --network host --name cke \
-    quay.io/cybozu/cke:1.18 [options...]
+    ghcr.io/cybozu-go/cke:1.27 [options...]
 ```
 
 ### Install `ckecli` and `cke-localproxy` to a host directory
@@ -142,13 +142,13 @@ $ docker run -d --read-only \
 $ docker run --rm -u root:root \
     --entrypoint /usr/local/cke/install-tools \
     --mount type=bind,src=DIR,target=/host \
-    quay.io/cybozu/cke:1.18
+    ghcr.io/cybozu-go/cke:1.27
 ```
 
 Docker images
 -------------
 
-Docker images are available on [Quay.io](https://quay.io/repository/cybozu/cke)
+Docker images are available on [ghcr.io](https://github.com/cybozu-go/cke/pkgs/container/cke)
 
 Feedback
 --------

diff --git a/RELEASE.md b/RELEASE.md
@@ -74,7 +74,7 @@ It should look like:
     $ git push origin "v$VERSION"
     ```
 
-Then GitHub Actions automatically builds and pushes the tagged container image to [quay.io](https://quay.io/cybozu/cke).
+Then GitHub Actions automatically builds and pushes the tagged container image to [ghcr.io](https://github.com/cybozu-go/cke/pkgs/container/cke).
 
 GitHub Actions also creates a GitHub release automatically after running [sonobuoy](./sonobuoy) tests.
 So, **DO NOT MANUALLY CREATE GITHUB RELEASES**.  The test results will be attached to the GitHub

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,5 +1,5 @@
 # CKE container
-FROM quay.io/cybozu/ubuntu:22.04
+FROM ghcr.io/cybozu/ubuntu:22.04
 
 COPY cke /usr/local/cke/bin/cke
 COPY ckecli /usr/local/cke/bin/ckecli

diff --git a/docs/design.md b/docs/design.md
@@ -80,7 +80,7 @@ Implementation policies
 
 * Assets are compiled into Docker images.
 
-    * Third-party docker images should be mirrored on `quay.io/cybozu`.
+    * Third-party docker images should be mirrored on `ghcr.io/cybozu`.
 
 * CKE does not install any tools onto node OS other than containers.
 

diff --git a/example/docker-compose.yml b/example/docker-compose.yml
@@ -19,7 +19,7 @@ services:
       - /entrypoint.sh
   setup:
     container_name: setup
-    image: quay.io/cybozu/ubuntu-debug:22.04
+    image: ghcr.io/cybozu/ubuntu-debug:22.04
     networks:
       app_net:
         ipv4_address: 172.30.0.12
@@ -56,7 +56,7 @@ services:
       - /entrypoint.sh
   etcd:
     container_name: etcd
-    image: quay.io/cybozu/etcd:3.5
+    image: ghcr.io/cybozu/etcd:3.5
     networks:
       app_net:
         ipv4_address: 172.30.0.14

diff --git a/images.go b/images.go
@@ -10,13 +10,13 @@ func (i Image) Name() string {
 
 // Container image definitions
 const (
-	EtcdImage            = Image("quay.io/cybozu/etcd:3.5.10.1")
-	KubernetesImage      = Image("quay.io/cybozu/kubernetes:1.27.8.1")
-	ToolsImage           = Image("quay.io/cybozu/cke-tools:1.27.0")
-	PauseImage           = Image("quay.io/cybozu/pause:3.9.0.2")
-	CoreDNSImage         = Image("quay.io/cybozu/coredns:1.11.1.1")
+	EtcdImage            = Image("ghcr.io/cybozu/etcd:3.5.10.2")
+	KubernetesImage      = Image("ghcr.io/cybozu/kubernetes:1.27.8.2")
+	ToolsImage           = Image("ghcr.io/cybozu-go/cke-tools:1.27.1")
+	PauseImage           = Image("ghcr.io/cybozu/pause:3.9.0.4")
+	CoreDNSImage         = Image("ghcr.io/cybozu/coredns:1.11.1.2")
 	UnboundImage         = Image("ghcr.io/cybozu/unbound:1.18.0.2")
-	UnboundExporterImage = Image("quay.io/cybozu/unbound_exporter:0.4.4.1")
+	UnboundExporterImage = Image("ghcr.io/cybozu/unbound_exporter:0.4.4.2")
 )
 
 // AllImages return container images list used by CKE

diff --git a/mtest/Makefile b/mtest/Makefile
@@ -42,7 +42,7 @@ OUTPUT := ./output
 DATA_DIR := $(abspath $(OUTPUT))/data
 FLATCAR_IMAGE := flatcar_production_qemu_image.img
 CKE_IMAGE := $(abspath $(OUTPUT))/cke.img
-CKE_IMAGE_URL := quay.io/cybozu/cke:dev
+CKE_IMAGE_URL := ghcr.io/cybozu-go/cke:dev
 CKECLUSTER := $(DATA_DIR)/cluster.yml
 CKECONFIG := $(abspath $(OUTPUT))/cke.yml
 KUBECTL := $(abspath $(OUTPUT))/kubectl

diff --git a/mtest/httpd.yml b/mtest/httpd.yml
@@ -7,5 +7,5 @@ metadata:
 spec:
   containers:
     - name: httpd
-      image: quay.io/cybozu/testhttpd:0
+      image: ghcr.io/cybozu/testhttpd:0
   hostNetwork: true
diff --git a/mtest/kubernetes_test.go b/mtest/kubernetes_test.go
@@ -123,7 +123,7 @@ func testKubernetes() {
 }`, node)
 		overrideFile := remoteTempFile(overrides)
 		_, stderr, err = kubectl("run",
-			"-n="+namespace, "--image=quay.io/cybozu/ubuntu:22.04", "--overrides=\"$(cat "+overrideFile+")\"", "--restart=Never",
+			"-n="+namespace, "--image=ghcr.io/cybozu/ubuntu:22.04", "--overrides=\"$(cat "+overrideFile+")\"", "--restart=Never",
 			"client", "--", "pause")
 		Expect(err).NotTo(HaveOccurred(), "stderr: %s, err: %v", stderr, err)
 
@@ -251,7 +251,7 @@ func testKubernetes() {
 		}).Should(Succeed())
 
 		By("querying www.cybozu.com using node DNS from ubuntu pod")
-		_, stderr, err = kubectl("run", "-n="+namespace, "--image=quay.io/cybozu/ubuntu:22.04", "--restart=Never",
+		_, stderr, err = kubectl("run", "-n="+namespace, "--image=ghcr.io/cybozu/ubuntu:22.04", "--restart=Never",
 			"client", "--", "pause")
 		Expect(err).NotTo(HaveOccurred(), "stderr: %s", stderr)
 		Eventually(func() error {

diff --git a/mtest/node-ign.yml b/mtest/node-ign.yml
@@ -99,7 +99,7 @@ storage:
               stream_server_port = "10010"
               stream_idle_timeout = "4h0m0s"
               enable_selinux = false
-              sandbox_image = "quay.io/cybozu/pause:3.1"
+              sandbox_image = "ghcr.io/cybozu/pause:3.9"
               stats_collect_period = 10
               systemd_cgroup = false
               enable_tls_streaming = false

diff --git a/mtest/reboot-alittleslow-eviction-deployment.yaml b/mtest/reboot-alittleslow-eviction-deployment.yaml
@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: ubuntu
-          image: quay.io/cybozu/ubuntu:22.04
+          image: ghcr.io/cybozu/ubuntu:22.04
           # Because sleep command ignores SIGTERM,
           # this Pod will stay Terminating state after deletion
           # for the time specified by terminationGracePeriodSeconds.

diff --git a/mtest/reboot-deployment.yaml b/mtest/reboot-deployment.yaml
@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: httpd
-          image: quay.io/cybozu/testhttpd:0
+          image: ghcr.io/cybozu/testhttpd:0
 ---
 apiVersion: policy/v1
 kind: PodDisruptionBudget

diff --git a/mtest/reboot-job-completed.yaml b/mtest/reboot-job-completed.yaml
@@ -8,7 +8,7 @@ spec:
     spec:
       containers:
       - name: ubuntu
-        image: quay.io/cybozu/ubuntu:22.04
+        image: ghcr.io/cybozu/ubuntu:22.04
         command: ["true"]
       restartPolicy: Never
   backoffLimit: 1
diff --git a/mtest/reboot-job-running.yaml b/mtest/reboot-job-running.yaml
@@ -8,7 +8,7 @@ spec:
     spec:
       containers:
       - name: ubuntu
-        image: quay.io/cybozu/ubuntu:22.04
+        image: ghcr.io/cybozu/ubuntu:22.04
         command: ["sleep", "3600"]
       restartPolicy: Never
   backoffLimit: 1
diff --git a/mtest/reboot-slow-eviction-deployment.yaml b/mtest/reboot-slow-eviction-deployment.yaml
@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: ubuntu
-          image: quay.io/cybozu/ubuntu:22.04
+          image: ghcr.io/cybozu/ubuntu:22.04
           # Because sleep command ignores SIGTERM,
           # this Pod will stay Terminating state after deletion
           # for the time specified by terminationGracePeriodSeconds.

diff --git a/mtest/suite_test.go b/mtest/suite_test.go
@@ -30,7 +30,7 @@ func TestMtest(t *testing.T) {
 var _ = BeforeSuite(func() {
 	img := ckeImageURL
 	if testSuite == "upgrade" {
-		img = "quay.io/cybozu/cke:" + cke.Version
+		img = "ghcr.io/cybozu-go/cke:" + cke.Version
 	}
 
 	fmt.Println("Preparing...")

diff --git a/sonobuoy/docker-compose.yml b/sonobuoy/docker-compose.yml
@@ -2,7 +2,7 @@ version: '2'
 services:
   cke:
     container_name: cke
-    image: quay.io/cybozu/ubuntu:22.04
+    image: ghcr.io/cybozu/ubuntu:22.04
     networks:
       app_net:
         ipv4_address: 172.30.0.11
@@ -19,7 +19,7 @@ services:
       - --loglevel=debug
   setup:
     container_name: setup
-    image: quay.io/cybozu/ubuntu-debug:22.04
+    image: ghcr.io/cybozu/ubuntu-debug:22.04
     networks:
       app_net:
         ipv4_address: 172.30.0.12
@@ -56,7 +56,7 @@ services:
       - /entrypoint.sh
   etcd:
     container_name: etcd
-    image: quay.io/cybozu/etcd:3.5
+    image: ghcr.io/cybozu/etcd:3.5
     networks:
       app_net:
         ipv4_address: 172.30.0.14