build and push to quay.io

Instead of ecr. We need the toolkit to generate secrets in a Job in the documentation guides.
holos-run · Sep 16, 2024 · cadb251 · cadb251
1 parent 52bdca1
commit cadb251
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 10 deletions.
diff --git a/.github/workflows/debian.yaml b/.github/workflows/debian.yaml
@@ -36,7 +36,7 @@ jobs:
           # Build and push
           /kaniko/executor --dockerfile=debian/Dockerfile \
             --context='${{ github.repositoryUrl }}#${{ needs.git.outputs.sha }}' \
-            --destination=${{ vars.REGISTRY }}/holos-run/container-images/debian:bullseye \
+            --destination=${{ vars.REGISTRY }}${{ vars.IMAGE_PREFIX }}/debian:bullseye \
             --push-retry 5 \
             --image-name-with-digest-file /workspace/image-digest.txt
 

diff --git a/.github/workflows/ecr.yaml b/.github/workflows/ecr.yaml
@@ -49,8 +49,10 @@ jobs:
         env:
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}
         run: |
+          # Log in to ecr and quay.io
           echo -n ${{ steps.login-ecr.outputs.docker_password_271053619184_dkr_ecr_us_east_2_amazonaws_com }} | docker login --password-stdin --username ${{ steps.login-ecr.outputs.docker_username_271053619184_dkr_ecr_us_east_2_amazonaws_com }} ${{ steps.login-ecr.outputs.registry }}
           echo -n ${{ steps.login-ecr-public.outputs.docker_password_public_ecr_aws }} | docker login --password-stdin --username ${{ steps.login-ecr-public.outputs.docker_username_public_ecr_aws }} ${{ steps.login-ecr-public.outputs.registry }}
+          echo -n '${{ secrets.QUAY_TOKEN }}' | docker login --password-stdin --username '${{ secrets.QUAY_USER }}' quay.io
 
           base64 -w 0 ~/.docker/config.json | gh secret set DOCKER_CONFIG_BASE64
-          echo -n ${{ steps.login-ecr.outputs.registry }} | gh variable set REGISTRY
+          echo -n ${{ steps.login-ecr.outputs.registry }} | gh variable set ECR_REGISTRY
diff --git a/.github/workflows/golang.yaml b/.github/workflows/golang.yaml
@@ -36,7 +36,7 @@ jobs:
           # Build and push
           /kaniko/executor --dockerfile=golang/Dockerfile \
             --context='${{ github.repositoryUrl }}#${{ needs.git.outputs.sha }}' \
-            --destination=${{ vars.REGISTRY }}/holos-run/container-images/golang:1.21-bullseye \
+            --destination=${{ vars.REGISTRY }}${{ vars.IMAGE_PREFIX }}/golang:1.21-bullseye \
             --push-retry 5 \
             --image-name-with-digest-file /workspace/image-digest.txt
 

diff --git a/.github/workflows/toolkit.yaml b/.github/workflows/toolkit.yaml
@@ -36,9 +36,13 @@ jobs:
           # Build and push
           /kaniko/executor --dockerfile=toolkit/Dockerfile \
             --context='${{ github.repositoryUrl }}#${{ needs.git.outputs.sha }}' \
-            --destination=${{ vars.REGISTRY }}/holos-run/container-images/toolkit:latest \
+            --destination=${{ vars.REGISTRY }}${{ vars.IMAGE_PREFIX }}/toolkit:latest \
             --push-retry 5 \
             --image-name-with-digest-file /workspace/image-digest.txt
 
+          # TODO: Save the image to a tarball, make it an artifact, then use
+          # crane to push it to multiple tags.
+          # See https://stackoverflow.com/questions/62665625/how-to-perform-kaniko-docker-build-and-push-in-separate-gitlab-ci-stages
+
           # Make this an artifact?
           cat /workspace/image-digest.txt
diff --git a/toolkit/Dockerfile b/toolkit/Dockerfile
@@ -1,28 +1,30 @@
 FROM public.ecr.aws/docker/library/docker:cli as docker
-
 FROM public.ecr.aws/aws-cli/aws-cli as aws-cli
-
+FROM registry.k8s.io/kubectl:v1.31.0 as kubectl
 FROM public.ecr.aws/docker/library/debian:bullseye AS final
 
 # Install tools
 RUN apt-get -qq -y update && \
     apt-get -qq -y install \
+      openssh-client \
       curl \
       jq \
       less \
       sudo
 
+# Install kubectl
+RUN mkdir -p /etc/ssl/certs
+COPY --from=kubectl /bin/kubectl /bin/kubectl
+COPY --from=kubectl /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
 # Install AWS CLI
 COPY --from=aws-cli /usr/local/aws-cli/ /usr/local/aws-cli/
 COPY --from=aws-cli /usr/local/bin/ /usr/local/bin/
 
 # Docker (Needed to write credentials)
 COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
 
-# Install kubectl
-RUN curl -Lo /usr/local/bin/kubectl "https://dl.k8s.io/release/v1.28.4/bin/linux/amd64/kubectl" \
-  && chmod 0755 /usr/local/bin/kubectl
-
 RUN groupadd --gid 8192 app && \
   useradd -m -d /app -c "App" -m --uid 8192 --gid 8192 app && \
   usermod -aG sudo app && \