Skip to content

Commit

Permalink
Move to GHCR (#321)
Browse files Browse the repository at this point in the history
  • Loading branch information
@alex
alex authored Dec 12, 2020
1 parent e621113 commit a9f9b52
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 34 deletions.
54 changes: 27 additions & 27 deletions .github/workflows/build-docker-images.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,23 +25,23 @@ jobs:
strategy:
matrix:
IMAGE:
- {TAG_NAME: "pyca/cryptography-runner-centos8", DOCKERFILE_PATH: "runners/centos8"}
- {TAG_NAME: "pyca/cryptography-runner-centos8-fips", DOCKERFILE_PATH: "runners/centos8", BUILD_ARGS: "--build-arg FIPS=1"}
- {TAG_NAME: "cryptography-runner-centos8", DOCKERFILE_PATH: "runners/centos8"}
- {TAG_NAME: "cryptography-runner-centos8-fips", DOCKERFILE_PATH: "runners/centos8", BUILD_ARGS: "--build-arg FIPS=1"}

- {TAG_NAME: "pyca/cryptography-runner-fedora", DOCKERFILE_PATH: "runners/fedora"}
- {TAG_NAME: "pyca/cryptography-runner-alpine", DOCKERFILE_PATH: "runners/alpine"}
- {TAG_NAME: "cryptography-runner-fedora", DOCKERFILE_PATH: "runners/fedora"}
- {TAG_NAME: "cryptography-runner-alpine", DOCKERFILE_PATH: "runners/alpine"}

- {TAG_NAME: "pyca/cryptography-runner-stretch", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=stretch"}
- {TAG_NAME: "pyca/cryptography-runner-buster", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=buster"}
- {TAG_NAME: "pyca/cryptography-runner-bullseye", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=bullseye"}
- {TAG_NAME: "pyca/cryptography-runner-sid", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=sid"}
- {TAG_NAME: "cryptography-runner-stretch", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=stretch"}
- {TAG_NAME: "cryptography-runner-buster", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=buster"}
- {TAG_NAME: "cryptography-runner-bullseye", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=bullseye"}
- {TAG_NAME: "cryptography-runner-sid", DOCKERFILE_PATH: "runners/debian", BUILD_ARGS: "--build-arg RELEASE=sid"}

- {TAG_NAME: "pyca/cryptography-runner-ubuntu-bionic", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=bionic"}
- {TAG_NAME: "pyca/cryptography-runner-ubuntu-focal", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=focal"}
- {TAG_NAME: "pyca/cryptography-runner-ubuntu-rolling", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=rolling"}
- {TAG_NAME: "cryptography-runner-ubuntu-bionic", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=bionic"}
- {TAG_NAME: "cryptography-runner-ubuntu-focal", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=focal"}
- {TAG_NAME: "cryptography-runner-ubuntu-rolling", DOCKERFILE_PATH: "runners/ubuntu", BUILD_ARGS: "--build-arg RELEASE=rolling"}

- {TAG_NAME: "pyca/cryptography-manylinux1:x86_64", DOCKERFILE_PATH: "cryptography-manylinux", BUILD_ARGS: "-f cryptography-manylinux/Dockerfile-manylinux1"}
- {TAG_NAME: "pyca/cryptography-manylinux2010:x86_64", DOCKERFILE_PATH: "cryptography-manylinux", BUILD_ARGS: "-f cryptography-manylinux/Dockerfile-manylinux2010"}
- {TAG_NAME: "cryptography-manylinux1:x86_64", DOCKERFILE_PATH: "cryptography-manylinux", BUILD_ARGS: "-f cryptography-manylinux/Dockerfile-manylinux1"}
- {TAG_NAME: "cryptography-manylinux2010:x86_64", DOCKERFILE_PATH: "cryptography-manylinux", BUILD_ARGS: "-f cryptography-manylinux/Dockerfile-manylinux2010"}

name: "Building docker image ${{ matrix.IMAGE.TAG_NAME }}"
steps:
Expand All @@ -50,18 +50,18 @@ jobs:
# Sometimes we add new docker images and if they've never been pushed
# they can't be pulled.
- name: Pull existing image
run: docker pull ${{ matrix.IMAGE.TAG_NAME }} || true
run: docker pull ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} || true
if: github.event_name != 'schedule'
- name: Build image
run: docker build --pull --cache-from ${{ matrix.IMAGE.TAG_NAME }} -t ${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }}
run: docker build --pull --cache-from ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} -t ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }}
- name: Login to docker
run: 'docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"'
run: 'docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD" ghcr.io'
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
DOCKER_USERNAME: ${{ secrets.GHCR_TOKEN_USER }}
DOCKER_PASSWORD: ${{ secrets.GHCR_TOKEN }}
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
- name: Push image
run: docker push ${{ matrix.IMAGE.TAG_NAME }}
run: docker push ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }}
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'

# Build the manylinux2014_aarch64 container
Expand All @@ -70,7 +70,7 @@ jobs:
strategy:
matrix:
IMAGE:
- {TAG_NAME: "pyca/cryptography-manylinux2014_aarch64", DOCKERFILE_PATH: "cryptography-manylinux", BUILD_ARGS: "-f cryptography-manylinux/Dockerfile-manylinux2014_aarch64"}
- {TAG_NAME: "cryptography-manylinux2014_aarch64", DOCKERFILE_PATH: "cryptography-manylinux", BUILD_ARGS: "-f cryptography-manylinux/Dockerfile-manylinux2014_aarch64"}

name: "Building docker image ${{ matrix.IMAGE.TAG_NAME }}"
steps:
Expand All @@ -86,22 +86,22 @@ jobs:
# Sometimes we add new docker images and if they've never been pushed
# they can't be pulled.
- name: Pull existing image
run: docker pull ${{ matrix.IMAGE.TAG_NAME }}:latest || true
run: docker pull ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }}:latest || true
if: github.event_name != 'schedule'
- name: Build image
run: >
docker buildx build --platform linux/arm64 --pull --cache-from ${{ matrix.IMAGE.TAG_NAME }}
docker buildx build --platform linux/arm64 --pull --cache-from ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }}
--cache-to "type=local,dest=/tmp/.buildx-cache" --output "type=image,push=false"
-t ${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }}
-t ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }}
- name: Login to docker
run: 'docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"'
run: 'docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD" ghcr.io'
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
DOCKER_USERNAME: ${{ secrets.GHCR_TOKEN_USER }}
DOCKER_PASSWORD: ${{ secrets.GHCR_TOKEN }}
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
- name: Push image
run: >
docker buildx build --cache-from "type=local,src=/tmp/.buildx-cache"
--platform linux/arm64 --output "type=image,push=true" -t ${{ matrix.IMAGE.TAG_NAME }}
--platform linux/arm64 --output "type=image,push=true" -t ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }}
${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }}
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master'
9 changes: 2 additions & 7 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,5 @@ as well as OpenSSL binaries we use.
## Docker Containers

Docker containers are built on merge by Github Actions and then uploaded to
[Docker Hub](https://hub.docker.com/u/pyca/). Each repository on Docker Hub
corresponds to a directory in `runners`.

### New Images

When making a new image create a repository on Docker Hub, select permissions,
and add the "robots" group as Read & Write capable.
Github Container Registry. Each repository corresponds to a directory in
`runners`.

0 comments on commit a9f9b52

Please sign in to comment.