Skip to content

Commit 5895e25

Browse files
author
Daniel Chen
authored
Migrate images to GHCR (buildpacks-community#1853)
* switch to ghcr for image hosting Currently, the images are hosted on a GCP project paid for by Broadcom. We've been told that Broadcom doesn't like public facing GCP projects that aren't behind a firewall. So we're making the switch to GitHub Container Registry Signed-off-by: Bohan Chen <daniel.chen@broadcom.com> * switch to mirror for lifecycle image we were getting rate limited during our tests when trying to pull from index.docker.io, afaik mirror.gcr.io does not have this restriction Signed-off-by: Bohan Chen <daniel.chen@broadcom.com> --------- Signed-off-by: Bohan Chen <daniel.chen@broadcom.com>
1 parent b824788 commit 5895e25

6 files changed

Lines changed: 49 additions & 25 deletions

File tree

.github/workflows/ci.yaml

Lines changed: 22 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ env:
1919
PUBLIC_IMAGE_DEV_REPO: ${{ vars.PUBLIC_IMAGE_DEV_REPO }}
2020
PUBLIC_IMAGE_REPO: ${{ vars.PUBLIC_IMAGE_REPO }}
2121
PACK_VERSION: ${{ vars.PACK_VERSION }}
22-
LIFECYCLE_IMAGE_REF: buildpacksio/lifecycle
22+
LIFECYCLE_IMAGE_REF: mirror.gcr.io/buildpacksio/lifecycle
2323

2424
jobs:
2525
unit:
@@ -49,9 +49,9 @@ jobs:
4949
- name: Docker Login
5050
uses: docker/login-action@v3.3.0
5151
with:
52-
registry: ${{ secrets.REGISTRY_HOST }}
53-
username: ${{ secrets.REGISTRY_USER }}
54-
password: ${{ secrets.REGISTRY_PASSWORD }}
52+
registry: ghcr.io
53+
username: ${{ github.actor }}
54+
password: ${{ secrets.GITHUB_TOKEN }}
5555
- name: Build
5656
uses: ./.github/actions/pack-build
5757
with:
@@ -68,9 +68,9 @@ jobs:
6868
- name: Docker Login
6969
uses: docker/login-action@v3.3.0
7070
with:
71-
registry: ${{ secrets.REGISTRY_HOST }}
72-
username: ${{ secrets.REGISTRY_USER }}
73-
password: ${{ secrets.REGISTRY_PASSWORD }}
71+
registry: ghcr.io
72+
username: ${{ github.actor }}
73+
password: ${{ secrets.GITHUB_TOKEN }}
7474
- name: Build
7575
uses: ./.github/actions/pack-build
7676
with:
@@ -87,9 +87,9 @@ jobs:
8787
- name: Docker Login
8888
uses: docker/login-action@v3.3.0
8989
with:
90-
registry: ${{ secrets.REGISTRY_HOST }}
91-
username: ${{ secrets.REGISTRY_USER }}
92-
password: ${{ secrets.REGISTRY_PASSWORD }}
90+
registry: ghcr.io
91+
username: ${{ github.actor }}
92+
password: ${{ secrets.GITHUB_TOKEN }}
9393
- name: Build
9494
uses: ./.github/actions/pack-build
9595
with:
@@ -106,9 +106,9 @@ jobs:
106106
- name: Docker Login
107107
uses: docker/login-action@v3.3.0
108108
with:
109-
registry: ${{ secrets.REGISTRY_HOST }}
110-
username: ${{ secrets.REGISTRY_USER }}
111-
password: ${{ secrets.REGISTRY_PASSWORD }}
109+
registry: ghcr.io
110+
username: ${{ github.actor }}
111+
password: ${{ secrets.GITHUB_TOKEN }}
112112
- name: Build
113113
uses: ./.github/actions/pack-build
114114
with:
@@ -125,9 +125,9 @@ jobs:
125125
- name: Docker Login
126126
uses: docker/login-action@v3.3.0
127127
with:
128-
registry: ${{ secrets.REGISTRY_HOST }}
129-
username: ${{ secrets.REGISTRY_USER }}
130-
password: ${{ secrets.REGISTRY_PASSWORD }}
128+
registry: ghcr.io
129+
username: ${{ github.actor }}
130+
password: ${{ secrets.GITHUB_TOKEN }}
131131
- name: Build
132132
uses: ./.github/actions/pack-build
133133
with:
@@ -144,9 +144,9 @@ jobs:
144144
- name: Docker Login
145145
uses: docker/login-action@v3.3.0
146146
with:
147-
registry: ${{ secrets.REGISTRY_HOST }}
148-
username: ${{ secrets.REGISTRY_USER }}
149-
password: ${{ secrets.REGISTRY_PASSWORD }}
147+
registry: ghcr.io
148+
username: ${{ github.actor }}
149+
password: ${{ secrets.GITHUB_TOKEN }}
150150
- name: Build
151151
uses: ./.github/actions/pack-build
152152
with:
@@ -446,9 +446,9 @@ jobs:
446446
- name: Docker Login
447447
uses: docker/login-action@v3.3.0
448448
with:
449-
registry: ${{ secrets.REGISTRY_HOST }}
450-
username: ${{ secrets.REGISTRY_USER }}
451-
password: ${{ secrets.REGISTRY_PASSWORD }}
449+
registry: ghcr.io
450+
username: ${{ github.actor }}
451+
password: ${{ secrets.GITHUB_TOKEN }}
452452

453453
- name: Parse tag name
454454
run: |

test/config.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,10 @@ type dockerConfigJson struct {
3535
Auths dockerCredentials `json:"auths"`
3636
}
3737

38+
const (
39+
lifecycleImage = "mirror.gcr.io/buildpacksio/lifecycle"
40+
)
41+
3842
func loadConfig(t *testing.T) config {
3943
gitPrivateRepo, _ := os.LookupEnv("GIT_PRIVATE_REPO")
4044
gitUsername, _ := os.LookupEnv("GIT_BASIC_USERNAME")

test/cosign_e2e_test.go

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,13 @@ func testSignBuilder(t *testing.T, _ spec.G, it spec.S) {
4747
)
4848

4949
it.Before(func() {
50+
// register a cleanup function that dumps crds only if the test fails
51+
t.Cleanup(func() {
52+
if t.Failed() {
53+
dumpK8s(t, ctx, clients, testNamespace)
54+
}
55+
})
56+
5057
cfg = loadConfig(t)
5158
builtImages = map[string]struct{}{}
5259

@@ -187,7 +194,7 @@ func testSignBuilder(t *testing.T, _ spec.G, it spec.S) {
187194
Name: clusterLifecycleName,
188195
},
189196
Spec: buildapi.ClusterLifecycleSpec{
190-
ImageSource: corev1alpha1.ImageSource{Image: "buildpacksio/lifecycle"},
197+
ImageSource: corev1alpha1.ImageSource{Image: lifecycleImage},
191198
},
192199
}, metav1.CreateOptions{})
193200
require.NoError(t, err)

test/execute_build_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -269,7 +269,7 @@ func testCreateImage(t *testing.T, _ spec.G, it spec.S) {
269269
Name: clusterLifecycleName,
270270
},
271271
Spec: buildapi.ClusterLifecycleSpec{
272-
ImageSource: corev1alpha1.ImageSource{Image: "buildpacksio/lifecycle"},
272+
ImageSource: corev1alpha1.ImageSource{Image: lifecycleImage},
273273
},
274274
}, metav1.CreateOptions{})
275275
require.NoError(t, err)

test/slsa_test.go

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,13 @@ func testSlsaBuild(t *testing.T, when spec.G, it spec.S) {
7474
)
7575

7676
it.Before(func() {
77+
// register a cleanup function that dumps crds only if the test fails
78+
t.Cleanup(func() {
79+
if t.Failed() {
80+
dumpK8s(t, ctx, clients, testNamespace)
81+
}
82+
})
83+
7784
cfg = loadConfig(t)
7885
builtImages = map[string]struct{}{}
7986

@@ -215,7 +222,7 @@ func testSlsaBuild(t *testing.T, when spec.G, it spec.S) {
215222
Name: clusterLifecycleName,
216223
},
217224
Spec: buildapi.ClusterLifecycleSpec{
218-
ImageSource: corev1alpha1.ImageSource{Image: "buildpacksio/lifecycle"},
225+
ImageSource: corev1alpha1.ImageSource{Image: lifecycleImage},
219226
},
220227
}, metav1.CreateOptions{})
221228
require.NoError(t, err)

test/testhelpers.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,12 @@ func printObject(t *testing.T, obj interface{}) {
3636

3737
func dumpK8s(t *testing.T, ctx context.Context, clients *clients, namespace string) {
3838
const header = "=================%v=================\n"
39+
t.Logf(header, "ClusterLifecycles")
40+
clusterLifecycles, err := clients.client.KpackV1alpha2().ClusterLifecycles().List(ctx, metav1.ListOptions{})
41+
require.NoError(t, err)
42+
for _, cl := range clusterLifecycles.Items {
43+
printObject(t, cl)
44+
}
3945

4046
t.Logf(header, "ClusterBuilders")
4147
clusterBuilders, err := clients.client.KpackV1alpha2().ClusterBuilders().List(ctx, metav1.ListOptions{})

0 commit comments

Comments
 (0)