From 588c03453b3da9704e3d9e8956f5d3c3730bef60 Mon Sep 17 00:00:00 2001 From: Francois Ferrand Date: Fri, 26 Apr 2024 19:45:25 +0200 Subject: [PATCH 1/2] Migrate to ghcr Issue: OSIS-146 --- .github/workflows/docker-build.yml | 23 ++++------------------- .github/workflows/release.yml | 3 --- .github/workflows/security.yaml | 9 +++------ .github/workflows/test-and-build.yml | 3 --- README.md | 8 ++++---- docs/RELEASE.md | 11 +++++------ docs/milestone-2-steps.md | 4 ++-- 7 files changed, 18 insertions(+), 43 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 7f01ce1..346a774 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -4,28 +4,13 @@ name: docker-build on: workflow_call: inputs: - namespace: - required: false - type: string - default: osis-dev tag: required: false type: string default: "${{ github.sha }}" - registry: - required: false - type: string - default: registry.scality.com - secrets: - REGISTRY_LOGIN: - required: true - REGISTRY_PASSWORD: - required: true env: - NAMESPACE: ${{ inputs.namespace }} TAG: ${{ inputs.tag }} - REGISTRY: ${{ inputs.registry }} jobs: build: @@ -42,16 +27,16 @@ jobs: - name: Login to Registry uses: docker/login-action@v2 with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.REGISTRY_LOGIN }} - password: ${{ secrets.REGISTRY_PASSWORD }} + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ github.token }} - name: Build and push development docker image uses: docker/build-push-action@v3 with: context: . push: true - tags: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/osis:${{ env.TAG }} + tags: ghcr.io/${{ github.repository }}:${{ env.TAG }} cache-from: type=gha,scope=osis cache-to: type=gha,mode=max,scope=osis build-args: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a1f6791..960a26e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
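Review bot: Dropping the `namespace` input in the first docker-build.yml hunk means development builds and release builds now push to the same package, `ghcr.io/${{ github.repository }}`, so the tag is the only thing separating a per-commit image from a released one. Any caller of this workflow that holds `packages: write` can publish a tag into that package. The context lines of the docs/RELEASE.md hunk in this patch still describe separate production and dev namespaces with different write access. I would either keep a distinct image name for development builds or document the new model, for example with a comment above `tag:` such as `# release tags and per-commit SHA tags share one package; only release.yml should pass a non-SHA tag`.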
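Review bot: The login step in the second docker-build.yml hunk now authenticates with `github.token`, so the push only works when the calling job grants `packages: write`. That grant is visible in this patch only for the caller in security.yaml (`contents: read`, `packages: write`). The release.yml and test-and-build.yml hunks show no `permissions:` on their `docker-build` jobs; if they rely on the repository default, the push either fails (read-only default) or runs with a broader token than it needs (permissive default). I would add the same block, `contents: read` and `packages: write`, to those calling jobs. The rest of those files is outside the hunks, so this may already be set at workflow level.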
@@ -14,9 +14,6 @@ jobs: uses: ./.github/workflows/docker-build.yml with: namespace: osis - tag: ${{ github.event.inputs.tag }} - secrets: - REGISTRY_LOGIN: ${{ secrets.REGISTRY_LOGIN }} REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} github-release: diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 07e13e8..5fa9484 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -18,15 +18,12 @@ jobs: contents: read packages: write uses: ./.github/workflows/docker-build.yml - secrets: - REGISTRY_LOGIN: ${{ secrets.REGISTRY_LOGIN }} - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} trivy: needs: build name: Trivy Vulnerability Scan for Code uses: scality/workflows/.github/workflows/trivy.yaml@v1 with: - name: osis - namespace: osis-dev - registry: registry.scality.com + name: ${{ github.event.repository.name }} + namespace: ${{ github.repository_owner }} + registry: ghcr.io diff --git a/.github/workflows/test-and-build.yml b/.github/workflows/test-and-build.yml index 8a120be..defe219 100644 --- a/.github/workflows/test-and-build.yml +++ b/.github/workflows/test-and-build.yml @@ -16,9 +16,6 @@ jobs: docker-build: name: Development docker image uses: ./.github/workflows/docker-build.yml - secrets: - REGISTRY_LOGIN: ${{ secrets.REGISTRY_LOGIN }} - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} code_coverage: name: code coverage diff --git a/README.md b/README.md index 0922dbc..d234ec3 100644 --- a/README.md +++ b/README.md 
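Review bot: After this release.yml hunk the `docker-build` call still passes `namespace: osis` and keeps the `REGISTRY_PASSWORD` line, while `tag: ${{ github.event.inputs.tag }}` is removed. docker-build.yml in this same patch no longer declares a `namespace` input or any secrets, so patch 1/2 leaves the release workflow calling the reusable workflow with an undeclared input. Without `tag`, the image would also fall back to the `github.sha` default instead of the release tag. Patch 2/2 corrects this, but the correction belongs in this commit so that each commit in the series is usable on its own: the `with:` block should contain only `tag: ${{ github.event.inputs.tag }}`.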
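Review bot: In the security.yaml hunk, `name: ${{ github.event.repository.name }}` depends on the webhook payload, which I believe is not populated for every trigger (a `schedule` run, for instance, may carry little beyond the cron string). The `on:` block of security.yaml is outside the hunk, so if this workflow also runs on a schedule the Trivy job could receive an empty image name and fail, or scan something other than the image just built. Since the image name is fixed for this repository, keeping the literal `name: osis` is more robust. At minimum, add a comment such as `# requires an event whose payload includes repository (push, pull_request, workflow_dispatch)`.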
@@ -20,11 +20,11 @@ This project is for OSIS, which integrates [Scality RING](https://www.scality.co ``` Dev: ```sh - $ docker pull registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality: + docker pull ghcr.io/scality/osis: ``` Production image: ```sh - $ docker pull registry.scality.com/vmware-ose-scality/vmware-ose-scality: + docker pull ghcr.io/scality/osis: ``` 1. Generate a self-signed SSL certificate and store it in a binary PKCS#12 format file with extension `.p12` file. (Refer [here](#To-generate-PKCS12-file-for-self-signed-SSL-certificate)) @@ -57,7 +57,7 @@ This project is for OSIS, which integrates [Scality RING](https://www.scality.co -v :/app/lib/osis.p12:ro,z \ -v :/conf/crypto.yml:ro,z \ -v :/conf/application.properties:ro,z \ - registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality: + ghcr.io/scality/osis: ``` Production image: ```sh @@ -68,7 +68,7 @@ This project is for OSIS, which integrates [Scality RING](https://www.scality.co -v :/app/lib/osis.p12:ro,z \ -v :/conf/crypto.yml:ro,z \ -v :/conf/application.properties:ro,z \ - registry.scality.com/vmware-ose-scality/vmware-ose-scality: + ghcr.io/scality/osis: ``` diff --git a/docs/RELEASE.md b/docs/RELEASE.md index 46f842d..5f62cfd 100644 --- a/docs/RELEASE.md +++ b/docs/RELEASE.md @@ -2,11 +2,10 @@ ## Docker Image generation -Docker images are hosted on registry.scality.com. -It has two names spaces for Vmware-ose-scality: +Docker images are hosted on ghcr.io/scality. +It has one image: -* Production Namespace: registry.scality.com/vmware-ose-scality -* Dev Namespace: registry.scality.com/vmware-ose-scality-dev +* Production container image: ghcr.io/scality/osis Production namespace provides write access to a few admins and CI while read access is given to all the developers. Dev namespace provides write access 
@@ -17,8 +16,8 @@ images to be used by developers, CI builds, build chain and so on. ## How to pull docker images ```sh - docker pull registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality: - docker pull registry.scality.com/vmware-ose-scality/vmware-ose-scality: + docker pull ghcr.io/scality/osis: + docker pull ghcr.io/scality/osis: ``` ## Release Process diff --git a/docs/milestone-2-steps.md b/docs/milestone-2-steps.md index c71ba1b..edb843b 100644 --- a/docs/milestone-2-steps.md +++ b/docs/milestone-2-steps.md @@ -67,7 +67,7 @@ docker restart scality-vault-1 - Pull this docker image. Use the latest commit from thew repository as SHA in the below command. ```sh -docker pull registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality: +docker pull ghcr.io/scality/osis: ``` @@ -105,7 +105,7 @@ docker pull registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality: -p 8443:8443 \ -v /root/keyStore.p12:/app/lib/osis.p12:ro,z \ -v /root/crypto.yml:/app/config/crypto.yml:ro,z \ - registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality: + ghcr.io/scality/osis: ``` Note: For S3 Connector, use the host network as shows in the example above. From bc899b299d73c5cc43c03377c644f4ebc9872dd8 Mon Sep 17 00:00:00 2001 From: Francois Ferrand Date: Fri, 26 Apr 2024 19:48:26 +0200 Subject: [PATCH 2/2] Bump github actions Issue: OSIS-146 --- .github/workflows/codeql.yaml | 10 +++++----- .github/workflows/dependency-review.yaml | 4 ++-- .github/workflows/docker-build.yml | 10 ++++------ .github/workflows/gradle-build-and-upload.yml | 6 +++--- .github/workflows/release.yml | 5 ++--- .github/workflows/security.yaml | 2 +- .github/workflows/test-and-build.yml | 2 +- 7 files changed, 18 insertions(+), 21 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index a7ce177..579154f 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml 
@@ -21,21 +21,21 @@ jobs: NEXUS_PWD: ${{ secrets.NEXUS_PASSWORD }} steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: java - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: "corretto" java-version: "17" - name: Setup Gradle - uses: gradle/gradle-build-action@v2.4.2 + uses: gradle/gradle-build-action@v3 with: gradle-version: 7.3 @@ -43,4 +43,4 @@ jobs: run: ./gradlew build -PsonatypeUsername=$NEXUS_UNAME -PsonatypePassword=$NEXUS_PWD - name: Build and analyze - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index 7df9334..1c74020 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: 'Dependency Review' - uses: actions/dependency-review-action@v3 + uses: actions/dependency-review-action@v4 diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 346a774..365f9c3 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml 
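Review bot: In the first codeql.yaml hunk, `gradle/gradle-build-action` goes from the exact release `v2.4.2` to the floating major tag `v3`, which widens what can run in this job without any change to the repository; the job exposes `NEXUS_PASSWORD` through `NEXUS_PWD`. The same applies to the other `uses:` lines bumped in this patch (docker-build.yml, gradle-build-and-upload.yml, release.yml, security.yaml, test-and-build.yml), several of which run next to secrets or a token used to push images. For third-party actions I would pin to a full commit SHA and keep the version as a trailing comment, e.g. `uses: gradle/gradle-build-action@<full-commit-sha>  # v3.x.y`, and let a dependency-update bot propose the bumps. The job body starts above the hunk.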
@@ -19,25 +19,23 @@ jobs: timeout-minutes: 10 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ github.token }} - name: Build and push development docker image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: context: . push: true tags: ghcr.io/${{ github.repository }}:${{ env.TAG }} cache-from: type=gha,scope=osis cache-to: type=gha,mode=max,scope=osis - build-args: | - NODE_ENV=${{ matrix.build.env }} diff --git a/.github/workflows/gradle-build-and-upload.yml b/.github/workflows/gradle-build-and-upload.yml index 0bfd381..154eebb 100644 --- a/.github/workflows/gradle-build-and-upload.yml +++ b/.github/workflows/gradle-build-and-upload.yml @@ -21,16 +21,16 @@ jobs: SIGNING_PWD: ${{ secrets.SIGNING_PASSWORD }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: "corretto" java-version: "17" - name: Setup Gradle - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: gradle-version: 7.3 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 960a26e..6801e7c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,8 +13,7 @@ jobs: name: Docker image uses: ./.github/workflows/docker-build.yml with: - namespace: osis - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + tag: ${{ github.event.inputs.tag }} github-release: name: Creating GitHub Release 
@@ -24,7 +23,7 @@ jobs: - docker-build steps: - name: Github Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 5fa9484..13f3ca2 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -22,7 +22,7 @@ jobs: trivy: needs: build name: Trivy Vulnerability Scan for Code - uses: scality/workflows/.github/workflows/trivy.yaml@v1 + uses: scality/workflows/.github/workflows/trivy.yaml@v2 with: name: ${{ github.event.repository.name }} namespace: ${{ github.repository_owner }} diff --git a/.github/workflows/test-and-build.yml b/.github/workflows/test-and-build.yml index defe219..9938c83 100644 --- a/.github/workflows/test-and-build.yml +++ b/.github/workflows/test-and-build.yml @@ -23,7 +23,7 @@ jobs: timeout-minutes: 10 steps: - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4 with: token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos name: codecov-osis