fix(ci): apko login before publish (#1217)

* fix(ci): apko login before publish * fix(ci): apko login before publish * fix(ci): apko login before publish * fix(ci): apko login before publish * f
replicatedhq · Sep 23, 2024 · 41cdc9f · 41cdc9f
1 parent 3fe217d
commit 41cdc9f
Show file tree

Hide file tree

Showing 11 changed files with 103 additions and 198 deletions.
diff --git a/.github/actions/setup-melange/action.yml b/.github/actions/setup-melange/action.yml
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -122,19 +122,6 @@ jobs:
           go-version-file: go.mod
           cache-dependency-path: "**/*.sum"
 
-      - name: Cache melange
-        uses: actions/cache@v4
-        with:
-          path: |
-            local-artifact-mirror/cache/.melange-cache
-            operator/cache/.melange-cache
-          key: melange-cache
-
-      - name: Setup melange
-        uses: ./.github/actions/setup-melange
-        with:
-          setup-go: false
-
       - name: Install dagger
         run: |
           curl -fsSL https://dl.dagger.io/dagger/install.sh | sh
@@ -203,19 +190,6 @@ jobs:
           go-version-file: go.mod
           cache-dependency-path: "**/*.sum"
 
-      - name: Cache melange
-        uses: actions/cache@v4
-        with:
-          path: |
-            local-artifact-mirror/cache/.melange-cache
-            operator/cache/.melange-cache
-          key: melange-cache
-
-      - name: Setup melange
-        uses: ./.github/actions/setup-melange
-        with:
-          setup-go: false
-
       - name: Install dagger
         run: |
           curl -fsSL https://dl.dagger.io/dagger/install.sh | sh
@@ -282,19 +256,6 @@ jobs:
           go-version-file: go.mod
           cache-dependency-path: "**/*.sum"
 
-      - name: Cache melange
-        uses: actions/cache@v4
-        with:
-          path: |
-            local-artifact-mirror/cache/.melange-cache
-            operator/cache/.melange-cache
-          key: melange-cache
-
-      - name: Setup melange
-        uses: ./.github/actions/setup-melange
-        with:
-          setup-go: false
-
       - name: Install dagger
         run: |
           curl -fsSL https://dl.dagger.io/dagger/install.sh | sh

diff --git a/.github/workflows/image-scan.yaml b/.github/workflows/image-scan.yaml
@@ -28,17 +28,6 @@ jobs:
         with:
           fetch-depth: 0 # fetch all history so that we can get the previous tag
 
-      - name: Cache Melange
-        uses: actions/cache@v4
-        with:
-          path: |
-            local-artifact-mirror/cache/.melange-cache
-            operator/cache/.melange-cache
-          key: melange-cache
-
-      - name: Setup melange
-        uses: ./.github/actions/setup-melange
-
       - name: Install dagger
         run: |
           curl -fsSL https://dl.dagger.io/dagger/install.sh | sh

diff --git a/.github/workflows/release-prod.yaml b/.github/workflows/release-prod.yaml
@@ -59,16 +59,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Cache Melange
-        uses: actions/cache@v4
-        with:
-          path: |
-            operator/cache/.melange-cache
-          key: melange-cache
-
-      - name: Setup melange
-        uses: ./.github/actions/setup-melange
-
       - name: Install dagger
         run: |
           curl -fsSL https://dl.dagger.io/dagger/install.sh | sh
@@ -77,11 +67,11 @@ jobs:
       - name: Build and push operator image
         id: operator-image
         env:
-          REGISTRY: docker.io
-          USERNAME: ${{ secrets.DOCKERHUB_USER }}
-          PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+          REGISTRY_SERVER: docker.io
+          REGISTRY_USERNAME: ${{ secrets.DOCKERHUB_USER }}
+          REGISTRY_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
         run: |
-          make -C operator apko apko-login build-and-push-operator-image \
+          make -C operator build-and-push-operator-image \
             PACKAGE_VERSION=${{ needs.get-tag.outputs.tag-name }}
           echo "image=$(cat operator/build/image)" >> $GITHUB_OUTPUT
 
@@ -114,16 +104,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Cache Melange
-        uses: actions/cache@v4
-        with:
-          path: |
-            local-artifact-mirror/cache/.melange-cache
-          key: melange-cache
-
-      - name: Setup melange
-        uses: ./.github/actions/setup-melange
-
       - name: Install dagger
         run: |
           curl -fsSL https://dl.dagger.io/dagger/install.sh | sh
@@ -132,11 +112,11 @@ jobs:
       - name: Build and push local-artifact-mirror image
         id: local-artifact-mirror
         env:
-          REGISTRY: docker.io
-          USERNAME: ${{ secrets.DOCKERHUB_USER }}
-          PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+          REGISTRY_SERVER: docker.io
+          REGISTRY_USERNAME: ${{ secrets.DOCKERHUB_USER }}
+          REGISTRY_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
         run: |
-          make -C local-artifact-mirror apko apko-login build-and-push-local-artifact-mirror-image \
+          make -C local-artifact-mirror build-and-push-local-artifact-mirror-image \
             PACKAGE_VERSION=${{ needs.get-tag.outputs.tag-name }}
           echo "image=$(cat local-artifact-mirror/build/image)" >> $GITHUB_OUTPUT
 

diff --git a/dagger/chainguard.go b/dagger/chainguard.go
@@ -98,6 +98,7 @@ func (m *chainguard) apkoPublish(
 		From(fmt.Sprintf("cgr.dev/chainguard/apko:%s", imageTag)).
 		WithDirectory("/workspace", src).
 		WithFile("/workspace/apko.yaml", apkoFile).
+		WithEnvVariable("DOCKER_CONFIG", "/workspace/.docker").
 		WithWorkdir("/workspace").
 		WithExec(
 			[]string{
@@ -109,3 +110,27 @@ func (m *chainguard) apkoPublish(
 
 	return c
 }
+
+func (m *chainguard) apkoLogin(
+	src *dagger.Directory,
+	registryServer string,
+	registryUsername string,
+	registryPassword string,
+	// +default="latest"
+	imageTag string,
+) *dagger.Container {
+	c := dag.Container().
+		From(fmt.Sprintf("cgr.dev/chainguard/apko:%s", imageTag)).
+		WithDirectory("/workspace", src).
+		WithEnvVariable("DOCKER_CONFIG", "/workspace/.docker").
+		WithWorkdir("/workspace").
+		WithExec([]string{
+			"apko", "login", registryServer,
+			"--username", registryUsername,
+			"--password-stdin",
+		}, dagger.ContainerWithExecOpts{
+			Stdin: registryPassword,
+		})
+
+	return c
+}
diff --git a/dagger/localartifactmirror.go b/dagger/localartifactmirror.go
@@ -72,6 +72,10 @@ func (m *EmbeddedCluster) PublishLocalArtifactMirrorImage(
 		WithFile("melange.rsa.pub", pkgBuild.File("melange.rsa.pub")).
 		WithDirectory("packages", pkgBuild.Directory("packages"))
 
+	if m.RegistryAuth != nil {
+		dir = dir.WithDirectory("/workspace/.docker", m.RegistryAuth)
+	}
+
 	publish := m.apkoPublish(
 		dir,
 		apkoFile,

diff --git a/dagger/main.go b/dagger/main.go
@@ -1,17 +1,38 @@
 package main
 
-import "dagger/embedded-cluster/internal/dagger"
+import (
+	"context"
+	"dagger/embedded-cluster/internal/dagger"
+	"fmt"
+)
 
 const (
 	APKOImageVersion    = "latest"
 	MelangeImageVersion = "latest"
 )
 
 type EmbeddedCluster struct {
+	RegistryAuth *dagger.Directory
+
 	common
 	chainguard
 }
 
+func (m *EmbeddedCluster) WithRegistryLogin(
+	ctx context.Context,
+	server string,
+	username string,
+	password *dagger.Secret,
+) (*EmbeddedCluster, error) {
+	plain, err := password.Plaintext(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("get registry password from secret: %w", err)
+	}
+	c := m.apkoLogin(dag.Directory(), server, username, plain, APKOImageVersion)
+	m.RegistryAuth = c.Directory("/workspace/.docker")
+	return m, nil
+}
+
 // directoryWithCommonGoFiles sets up the filesystem with only what we need to build for improved
 // caching.
 func directoryWithCommonGoFiles(dir *dagger.Directory, src *dagger.Directory) *dagger.Directory {

diff --git a/dagger/operator.go b/dagger/operator.go
@@ -72,15 +72,19 @@ func (m *EmbeddedCluster) PublishOperatorImage(
 		WithFile("melange.rsa.pub", pkgBuild.File("melange.rsa.pub")).
 		WithDirectory("packages", pkgBuild.Directory("packages"))
 
-	build := m.apkoPublish(
+	if m.RegistryAuth != nil {
+		dir = dir.WithDirectory("/workspace/.docker", m.RegistryAuth)
+	}
+
+	publish := m.apkoPublish(
 		dir,
 		apkoFile,
 		image,
 		arch,
 		APKOImageVersion,
 	)
 
-	return build.Stdout(ctx)
+	return publish.Stdout(ctx)
 }
 
 // Builds the operator package with Melange.

diff --git a/local-artifact-mirror/Makefile b/local-artifact-mirror/Makefile
@@ -62,11 +62,25 @@ build-and-push-local-artifact-mirror-image:
 .PHONY: build-and-push-local-artifact-mirror-image-chainguard
 build-and-push-local-artifact-mirror-image-chainguard:
 	mkdir -p build
-	dagger call publish-local-artifact-mirror-image \
-		--ec-version $(PACKAGE_VERSION) \
-		--repo $(IMAGE_NAME) \
-		--arch $(ARCH) \
-		> build/digest
+ifdef REGISTRY_SERVER
+	dagger call \
+		with-registry-login \
+			--server $(REGISTRY_SERVER) \
+			--username $(REGISTRY_USERNAME) \
+			--password env:REGISTRY_PASSWORD \
+		publish-local-artifact-mirror-image \
+			--ec-version $(PACKAGE_VERSION) \
+			--repo $(IMAGE_NAME) \
+			--arch $(ARCH) \
+	> build/digest
+else
+	dagger call \
+		publish-local-artifact-mirror-image \
+			--ec-version $(PACKAGE_VERSION) \
+			--repo $(IMAGE_NAME) \
+			--arch $(ARCH) \
+	> build/digest
+endif
 	@$(MAKE) apko-output-image IMAGE="$(IMAGE_NAME):$(call image-tag,$(PACKAGE_VERSION))"
 
 .PHONY: build-and-push-local-artifact-mirror-image-dockerfile