From d2ab505ff7acf3916c8b79bfd072090e7b967fe6 Mon Sep 17 00:00:00 2001
From: Amine <hilalyamine@gmail.com>
Date: Wed, 29 Jan 2025 17:59:56 -0800
Subject: [PATCH 1/3] ci: add GitHub Actions workflow for building and
 publishing

This workflow:
- Builds container images using ko
- Publishes images to GitHub Container Registry on main branch pushes
- Publishes both container images and Helm charts on tag releases
- Only builds images (no push) for pull requests
---
 .github/workflows/build-push-image.yaml | 79 +++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 .github/workflows/build-push-image.yaml

diff --git a/.github/workflows/build-push-image.yaml b/.github/workflows/build-push-image.yaml
new file mode 100644
index 00000000..f2e0d14d
--- /dev/null
+++ b/.github/workflows/build-push-image.yaml
@@ -0,0 +1,79 @@
+name: Build and Publish
+
+on:
+  push:
+    branches: [ main ]
+    tags: [ 'v*' ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  KO_DOCKER_REPO: ghcr.io/${{ github.repository }}/controller
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.23'
+
+      - name: Install Dependencies
+        run: |
+          go mod download
+          go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.2
+          go install sigs.k8s.io/kustomize/kustomize/v5@v5.2.1
+          go install github.com/google/ko@latest
+
+      - name: Run tests
+        run: make test WHAT=unit
+
+      - name: Log in to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set Release Version
+        run: |
+          if [[ $GITHUB_REF == refs/tags/v* ]]; then
+            # Trim the 'v' prefix from the tag
+            echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
+          else
+            echo "RELEASE_VERSION=dev-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+          fi
+
+      # Build and push image on push to main
+      - name: Build and Push Image
+        if: github.event_name != 'pull_request'
+        run: |
+          make publish-image
+
+      # Build image only on PR
+      - name: Build Image (PR)
+        if: github.event_name == 'pull_request'
+        run: |
+          make build-image
+
+      # Push helm chart only on tag
+      - name: Package and Push Helm Chart
+        if: github.ref_type == 'tag'
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin
+          # Use sed compatible with Linux (GitHub Actions runners)
+          cp ./config/crd/bases/* helm/crds/
+          sed -i "s/tag: .*/tag: \"${RELEASE_VERSION}\"/" helm/values.yaml
+          sed -i "s/version: .*/version: ${RELEASE_VERSION}/" helm/Chart.yaml
+          sed -i "s/appVersion: .*/appVersion: \"${RELEASE_VERSION}\"/" helm/Chart.yaml
+          helm package helm
+          HELM_IMAGE=ghcr.io/${{ github.repository }} make publish-helm
\ No newline at end of file

From db9659417e36f3484a81cdc29b27fbba1b7541f5 Mon Sep 17 00:00:00 2001
From: Amine <hilalyamine@gmail.com>
Date: Wed, 29 Jan 2025 23:37:01 -0800
Subject: [PATCH 2/3] chore: migrate container registry from ECR to GHCR

---
 Makefile | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index 6a0798f4..8e928d24 100644
--- a/Makefile
+++ b/Makefile
@@ -2,11 +2,11 @@
 AWS_ACCOUNT_ID ?= $(shell aws sts get-caller-identity --query Account --output text)
 AWS_REGION ?= us-west-2
 RELEASE_VERSION ?= dev-$(shell git rev-parse --short HEAD)
-ECR_REPO ?= public.ecr.aws/kro
+OCI_REPO ?= ghcr.io/kro-run/kro
 
-CONTROLLER_IMAGE ?= ${ECR_REPO}/controller:${RELEASE_VERSION}
-HELM_IMAGE ?= ${ECR_REPO}
-KO_DOCKER_REPO ?= ${ECR_REPO}/kro
+CONTROLLER_IMAGE ?= ${OCI_REPO}/controller:${RELEASE_VERSION}
+HELM_IMAGE ?= ${OCI_REPO}
+KO_DOCKER_REPO ?= ${OCI_REPO}/kro
 
 KOCACHE ?= ~/.ko
 KO_PUSH ?= true
@@ -176,13 +176,13 @@ $(CONTROLLER_GEN): $(LOCALBIN)
 
 .PHONY: image
 build-image: ## Build the kro controller images using ko build
-	$(WITH_GOFLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO="public.ecr.aws/kro/controller" \
+	$(WITH_GOFLAGS) KOCACHE=$(KOCACHE) \
 		ko build --bare github.com/kro-run/kro/cmd/controller \
 		--push=false --tags ${RELEASE_VERSION} --sbom=none
 
 .PHONY: publish
-publish-image: ## Publish the kro controller images to ECR
-	$(WITH_GOFLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO="public.ecr.aws/kro/controller" \
+publish-image: ## Publish the kro controller images to ghcr.io
+	$(WITH_GOFLAGS) KOCACHE=$(KOCACHE) \
 		ko publish --bare github.com/kro-run/kro/cmd/controller \
 		--tags ${RELEASE_VERSION} --sbom=none
 

From d5112953d52db0acbb5b195db1641d799fe92a76 Mon Sep 17 00:00:00 2001
From: Amine <hilalyamine@gmail.com>
Date: Thu, 30 Jan 2025 01:26:29 -0800
Subject: [PATCH 3/3] Update installation instructions and default image in
 helm chart

---
 .github/workflows/build-push-image.yaml              | 2 +-
 helm/values.yaml                                     | 2 +-
 website/docs/docs/getting-started/01-Installation.md | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-push-image.yaml b/.github/workflows/build-push-image.yaml
index f2e0d14d..eef3e749 100644
--- a/.github/workflows/build-push-image.yaml
+++ b/.github/workflows/build-push-image.yaml
@@ -76,4 +76,4 @@ jobs:
           sed -i "s/version: .*/version: ${RELEASE_VERSION}/" helm/Chart.yaml
           sed -i "s/appVersion: .*/appVersion: \"${RELEASE_VERSION}\"/" helm/Chart.yaml
           helm package helm
-          HELM_IMAGE=ghcr.io/${{ github.repository }} make publish-helm
\ No newline at end of file
+          HELM_IMAGE=ghcr.io/${{ github.repository }} make publish-helm
diff --git a/helm/values.yaml b/helm/values.yaml
index 6a55f49f..fa1a7d4c 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -5,7 +5,7 @@ fullnameOverride: ""
 
 image:
   # The location of the container image repository
-  repository: public.ecr.aws/kro/controller
+  repository: ghcr.io/kro-run/kro/controller
   # Image pull policy (IfNotPresent: pull the image only if it is not present locally)
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
diff --git a/website/docs/docs/getting-started/01-Installation.md b/website/docs/docs/getting-started/01-Installation.md
index b1445c3e..ab4017be 100644
--- a/website/docs/docs/getting-started/01-Installation.md
+++ b/website/docs/docs/getting-started/01-Installation.md
@@ -40,7 +40,7 @@ echo $KRO_VERSION
 ```
 Install kro using Helm
 ```
-helm install kro oci://public.ecr.aws/kro/kro \
+helm install kro oci://ghcr.io/kro-run/kro/kro \
   --namespace kro \
   --create-namespace \
   --version=${KRO_VERSION}
@@ -84,7 +84,7 @@ export KRO_VERSION=<new-version>
 
 Upgrade the controller
 ```
-helm upgrade kro oci://public.ecr.aws/kro/kro \
+helm upgrade kro oci://ghcr.io/kro-run/kro/kro \
   --namespace kro \
   --version=${KRO_VERSION}
 ```