Merge pull request nephio-project#111 from radoslawc/gha_image_build

Switch image building from Prow to GitHub Actions
nokia · Sep 17, 2024 · 7b3e6e4 · 7b3e6e4
2 parents c349dbb + 15964bd
commit 7b3e6e4
Show file tree

Hide file tree

Showing 2 changed files with 79 additions and 164 deletions.
diff --git a/.github/workflows/dev-image-build.yaml b/.github/workflows/dev-image-build.yaml
@@ -0,0 +1,79 @@
+name: Dev Image Build
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - "docs/**"
+      - "release/**"
+      - ".prow.yaml"
+      - "OWNERS"
+  workflow_dispatch:
+
+env:
+  REGISTRY: docker.io
+  ORG: nephio
+
+permissions:
+  contents: read
+
+jobs:
+  build-and-push-image:
+    if: github.repository_owner == 'nephio-project'
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - dockerfile: ./build/Dockerfile
+            image: docker.io/nephio/porch-server
+          - dockerfile: ./controllers/Dockerfile
+            image: docker.io/nephio/porch-controllers
+          - dockerfile: ./func/Dockerfile
+            image: docker.io/nephio/porch-function-runner
+          - dockerfile: ./func/Dockerfile-wrapperserver
+            image: docker.io/nephio/porch-wrapper-server
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        with:
+          images: ${{ matrix.image }}
+          tags: |
+            type=sha
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          push: true
+          tags: |
+            ${{ steps.meta.outputs.tags }}
+            ${{ matrix.image }}:latest
+          labels: ${{ steps.meta.outputs.labels }}
+          no-cache: true
+          sbom: true
diff --git a/.prow.yaml b/.prow.yaml
@@ -9,167 +9,3 @@ presubmits:
         - make
         args:
         - ci-unit
-postsubmits:
-  - name: build-push-porch-server-dev-image
-    cluster: default
-    always_run: true
-    branches:
-    - "main"
-    annotations:
-      description: Build and Push Dev Image to DockerHub
-    decorate: true
-    decoration_config:
-      censor_secrets: true
-    max_concurrency: 1
-    extra_refs:
-    - org: nephio-project
-      repo: porch
-      base_ref: main
-      path_alias: "porch_build"
-    spec:
-      containers:
-      - name: kaniko
-        image: gcr.io/kaniko-project/executor:debug
-        command:
-        - "/bin/sh"
-        - "-c"
-        - |
-          executor --context=/home/prow/go/src/porch_build/ --dockerfile=build/Dockerfile --destination=nephio/porch-server:${PULL_BASE_REF} --destination=nephio/porch-server:latest --cache=false --cleanup
-        volumeMounts:
-          - name: kaniko-secret
-            mountPath: /kaniko/.docker/
-        resources:
-          requests:
-            cpu: 1
-            memory: 1Gi
-      volumes:
-        - name: kaniko-secret
-          secret:
-            secretName: regcred
-            items:
-              - key: .dockerconfigjson
-                path: config.json
-
-
-  - name: build-push-porch-controllers-dev-image
-    cluster: default
-    always_run: true
-    branches:
-    - "main"
-    annotations:
-      description: Build and Push Dev Image to DockerHub
-    decorate: true
-    decoration_config:
-      censor_secrets: true
-    max_concurrency: 1
-    extra_refs:
-    - org: nephio-project
-      repo: porch
-      base_ref: main
-      path_alias: "porch_build"
-    spec:
-      containers:
-      - name: kaniko
-        image: gcr.io/kaniko-project/executor:debug
-        command:
-        - "/bin/sh"
-        - "-c"
-        - |
-          executor --context=/home/prow/go/src/porch_build/ --dockerfile=controllers/Dockerfile --destination=nephio/porch-controllers:${PULL_BASE_REF} --destination=nephio/porch-controllers:latest  --cache=false --cleanup
-        volumeMounts:
-          - name: kaniko-secret
-            mountPath: /kaniko/.docker/
-        resources:
-          requests:
-            cpu: 1
-            memory: 1Gi
-      volumes:
-        - name: kaniko-secret
-          secret:
-            secretName: regcred
-            items:
-              - key: .dockerconfigjson
-                path: config.json
-
-
-  - name: build-push-porch-function-runner-dev-image
-    cluster: default
-    always_run: true
-    branches:
-    - "main"
-    annotations:
-      description: Build and Push Dev Image to DockerHub
-    decorate: true
-    decoration_config:
-      censor_secrets: true
-    max_concurrency: 1
-    extra_refs:
-    - org: nephio-project
-      repo: porch
-      base_ref: main
-      path_alias: "porch_build"
-    spec:
-      containers:
-      - name: kaniko
-        image: gcr.io/kaniko-project/executor:debug
-        command:
-        - "/bin/sh"
-        - "-c"
-        - |
-          executor --context=/home/prow/go/src/porch_build/ --dockerfile=func/Dockerfile --destination=nephio/porch-function-runner:${PULL_BASE_REF} --destination=nephio/porch-function-runner:latest  --cache=false --cleanup
-        volumeMounts:
-          - name: kaniko-secret
-            mountPath: /kaniko/.docker/
-        resources:
-          requests:
-            cpu: 1
-            memory: 1Gi
-      volumes:
-        - name: kaniko-secret
-          secret:
-            secretName: regcred
-            items:
-              - key: .dockerconfigjson
-                path: config.json
-
-
-  - name: build-push-porch-wrapper-server-dev-image
-    cluster: default
-    always_run: true
-    branches:
-    - "main"
-    annotations:
-      description: Build and Push Dev Image to DockerHub
-    decorate: true
-    decoration_config:
-      censor_secrets: true
-    max_concurrency: 1
-    extra_refs:
-    - org: nephio-project
-      repo: porch
-      base_ref: main
-      path_alias: "porch_build"
-    spec:
-      containers:
-      - name: kaniko
-        image: gcr.io/kaniko-project/executor:debug
-        command:
-        - "/bin/sh"
-        - "-c"
-        - |
-          executor --context=/home/prow/go/src/porch_build/ --dockerfile=func/Dockerfile-wrapperserver --destination=nephio/porch-wrapper-server:${PULL_BASE_REF} --destination=nephio/porch-wrapper-server:latest  --cache=false --cleanup
-        volumeMounts:
-          - name: kaniko-secret
-            mountPath: /kaniko/.docker/
-        resources:
-          requests:
-            cpu: 1
-            memory: 1Gi
-      volumes:
-        - name: kaniko-secret
-          secret:
-            secretName: regcred
-            items:
-              - key: .dockerconfigjson
-                path: config.json
-