Don't run make targets while logged in to docker registry
Handle login and push under .github so that they are protected using
the `pull_request_target` semantics or by tag semantics.

Signed-off-by: Thomas Hallgren <[email protected]>
thallgren committed Aug 13, 2024
1 parent dd6a286 commit 5c3ca21
Showing 3 changed files with 37 additions and 36 deletions.
20 changes: 16 additions & 4 deletions .github/workflows/dev.yaml
Expand Up @@ -31,17 +31,29 @@ jobs:
run: |
v=$(go run build-aux/genversion/main.go ${{github.run_id}})
echo "TELEPRESENCE_VERSION=$v" >> "$GITHUB_ENV"
echo "TELEPRESENCE_SEMVER=${v#v}" >> "$GITHUB_ENV"
echo "version=$v" >> $GITHUB_OUTPUT
echo "semver=${v#v}" >> $GITHUB_OUTPUT
- name: Log in to registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Setup docker buildx
uses: docker/setup-buildx-action@v3
with:
platforms: linux/amd64,linux/arm64
- name: Build cluster images
- name: Build image dependencies
run: make images-deps
- name: Log in to registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Push client image
run: |
make push-images-x
docker buildx build --platform=linux/amd64,linux/arm64 --build-arg TELEPRESENCE_VERSION=${{env.TELEPRESENCE_SEMVER}} \
--push --tag ${{env.TELEPRESENCE_REGISTRY}}/telepresence:${{env.TELEPRESENCE_SEMVER}} -f build-aux/docker/images/Dockerfile.client .
- name: Push tel2 image
run: |
docker buildx build --platform=linux/amd64,linux/arm64 --build-arg TELEPRESENCE_VERSION=${{env.TELEPRESENCE_SEMVER}} \
--push --tag ${{env.TELEPRESENCE_REGISTRY}}/tel2:${{env.TELEPRESENCE_SEMVER}} -f build-aux/docker/images/Dockerfile.traffic .
- name: Log out from registry
if: always()
run: docker logout

run_tests:
if: github.event.label.name == 'ok to test'
strategy:
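Review bot: The new "Log out from registry" step runs `docker logout` with no server argument, which clears the credential for Docker's default registry and leaves the `ghcr.io` entry written by the login step in place; it should be `run: docker logout ghcr.io`. As written, the `if: always()` cleanup does not shorten the time the token sits in the runner's Docker client configuration. The identical step added to `.github/workflows/release.yaml` needs the same change. The login step also expands `${{ secrets.GITHUB_TOKEN }}` directly into the script text; passing it through the step's `env:` (for example as `REGISTRY_TOKEN`) and piping `"$REGISTRY_TOKEN"` keeps the secret out of the generated script file.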
19 changes: 16 additions & 3 deletions .github/workflows/release.yaml
Expand Up @@ -57,16 +57,29 @@ jobs:
name: install dependencies
- name: set version
shell: bash
run: echo "TELEPRESENCE_VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
run: |
v=${{ github.ref_name }}
echo "TELEPRESENCE_VERSION=$v" >> "$GITHUB_ENV"
echo "TELEPRESENCE_SEMVER=${v#v}" >> "$GITHUB_ENV"
- name: Setup docker buildx
uses: docker/setup-buildx-action@v3
with:
platforms: linux/amd64,linux/arm64
- name: Build image dependencies
run: make images-deps
- name: Log in to registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Upload Docker images
- name: Push client image
run: |
docker buildx build --platform=linux/amd64,linux/arm64 --build-arg TELEPRESENCE_VERSION=${{env.TELEPRESENCE_SEMVER}} \
--push --tag ${{env.TELEPRESENCE_REGISTRY}}/telepresence:${{env.TELEPRESENCE_SEMVER}} -f build-aux/docker/images/Dockerfile.client .
- name: Push tel2 image
run: |
make push-images-x
docker buildx build --platform=linux/amd64,linux/arm64 --build-arg TELEPRESENCE_VERSION=${{env.TELEPRESENCE_SEMVER}} \
--push --tag ${{env.TELEPRESENCE_REGISTRY}}/tel2:${{env.TELEPRESENCE_SEMVER}} -f build-aux/docker/images/Dockerfile.traffic .
- name: Log out from registry
if: always()
run: docker logout

publish-release:
runs-on: ubuntu-latest
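Review bot: In the rewritten "set version" step, `v=${{ github.ref_name }}` pastes the ref name into the script unquoted before bash parses it, so any shell metacharacters that git permits in a tag name would be interpreted as shell syntax instead of being stored as the version. Pass the value through the environment instead: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step and assign `v="$REF_NAME"`. Pushing a tag normally requires write access, which limits who can reach this, but the value also flows into `$GITHUB_ENV` and into the image tags of the push steps below, so it is worth checking against the expected `vX.Y.Z` shape here. The workflow trigger is outside the hunk, so the tag-only assumption is taken from the commit description.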
34 changes: 5 additions & 29 deletions build-aux/main.mk
Expand Up @@ -220,53 +220,29 @@ TELEPRESENCE_SEMVER=$(patsubst v%,%,$(TELEPRESENCE_VERSION))
CLIENT_IMAGE_FQN=$(TELEPRESENCE_REGISTRY)/telepresence:$(TELEPRESENCE_SEMVER)
TEL2_IMAGE_FQN=$(TELEPRESENCE_REGISTRY)/tel2:$(TELEPRESENCE_SEMVER)

.PHONY: images-deps
images-deps: build-deps setup-build-dir

.PHONY: tel2-image
tel2-image: build-deps setup-build-dir
tel2-image: images-deps
$(eval PLATFORM_ARG := $(if $(TELEPRESENCE_TEL2_IMAGE_PLATFORM), --platform=$(TELEPRESENCE_TEL2_IMAGE_PLATFORM),))
docker build $(PLATFORM_ARG) --target tel2 --tag tel2 --tag $(TEL2_IMAGE_FQN) -f build-aux/docker/images/Dockerfile.traffic .

.PHONY: tel2-image-x
tel2-image-x: build-deps setup-build-dir
docker buildx build --platform=linux/amd64,linux/arm64 --build-arg TELEPRESENCE_VERSION=$(TELEPRESENCE_VERSION) --cache-to type=local,dest=$(BUILDDIR)/docker-cache -f build-aux/docker/images/Dockerfile.traffic .

.PHONY: client-image
client-image: build-deps setup-build-dir
client-image: images-deps
docker build --target telepresence --tag telepresence --tag $(CLIENT_IMAGE_FQN) -f build-aux/docker/images/Dockerfile.client .

.PHONY: client-image-x
client-image-x: build-deps setup-build-dir
docker buildx build --platform=linux/amd64,linux/arm64 --build-arg TELEPRESENCE_VERSION=$(TELEPRESENCE_VERSION) --cache-to type=local,dest=$(BUILDDIR)/docker-cache -f build-aux/docker/images/Dockerfile.client .

.PHONY: push-tel2-image
push-tel2-image: tel2-image ## (Build) Push the manager/agent container image to $(TELEPRESENCE_REGISTRY)
docker push $(TEL2_IMAGE_FQN)

.PHONY: push-tel2-image-x
push-tel2-image-x: build-deps setup-build-dir
docker buildx build --platform=linux/amd64,linux/arm64 --build-arg TELEPRESENCE_VERSION=$(TELEPRESENCE_VERSION) --cache-from type=local,src=$(BUILDDIR)/docker-cache -f build-aux/docker/images/Dockerfile.traffic --push --tag $(TEL2_IMAGE_FQN) .

.PHONY: push-client-image
push-client-image: client-image ## (Build) Push the client container image to $(TELEPRESENCE_REGISTRY)
docker push $(CLIENT_IMAGE_FQN)

.PHONY: push-client-image-x
push-client-image-x: build-deps setup-build-dir
docker buildx build --platform=linux/amd64,linux/arm64 --build-arg TELEPRESENCE_VERSION=$(TELEPRESENCE_VERSION) --cache-from type=local,src=$(BUILDDIR)/docker-cache -f build-aux/docker/images/Dockerfile.client --push --tag $(CLIENT_IMAGE_FQN) .

.PHONY: save-tel2-image
save-tel2-image: tel2-image
docker save $(TEL2_IMAGE_FQN) > $(BUILDDIR)/tel2-image.tar

.PHONY: save-client-image
save-client-image: client-image
docker save $(CLIENT_IMAGE_FQN) > $(BUILDDIR)/telepresence-image.tar

.PHONY: push-images
push-images: push-tel2-image push-client-image

.PHONY: push-images-x
push-images-x: push-tel2-image-x push-client-image-x

.PHONY: clobber
clobber: ## (Build) Remove all build artifacts and tools
rm -rf $(BUILDDIR)
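Review bot: `images-deps` is added without a `##` description or a comment, although the workflows now rely on it as the one make target that runs before `docker login`. A line such as `# Host-side prerequisites for image builds; CI runs this before registry login, so it must not need or touch registry credentials.` above its `.PHONY` would keep later edits from moving credentialed work back into make. Separately, the removed `push-*-image-x` recipes passed `--build-arg TELEPRESENCE_VERSION=$(TELEPRESENCE_VERSION)`, while the workflow steps that replace them pass `TELEPRESENCE_SEMVER`, so the version baked into the pushed images loses its `v` prefix; confirm the Dockerfiles expect that.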