feat: publish to ghcr (#38)

Signed-off-by: Evan Baker <[email protected]>

.github/workflows/images.yaml

@@ -3,24 +3,24 @@ name: Build and Publish Retina Container Images
 on:
   push:
     branches: [ main ]
+    tags: [ "v*" ]
   pull_request:
     branches: [ main ]
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   retina-images:
-    name: Build Linux Images
+    name: Build Agent Images
     runs-on: ubuntu-latest
 
     strategy:
       matrix:
         platform: ["linux"]
         arch: ["amd64", "arm64"]
 
-    # required for AZ login/SP
-    permissions:
-      id-token: write
-      contents: read
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -33,33 +33,27 @@ jobs:
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
-      - name: Az CLI login
-        uses: azure/login@v2
-        with:
-            creds: ${{ secrets.AZURE_CREDENTIALS }}
+      - name: Log in to registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
 
       - name: Build/Push Images
         shell: bash
         run: |
           set -euo pipefail
-          az acr login -n ${{ secrets.ACR_NAME }}
           echo "TAG=$(make version)" >> $GITHUB_ENV
-          make retina-image PLATFORM=${{ matrix.platform }}/${{ matrix.arch }}
+          make retina-image \
+            IMAGE_NAMESPACE=${{ github.repository }} \
+            PLATFORM=${{ matrix.platform }}/${{ matrix.arch }}
 
   retina-win-images:
-    name: Build Windows Images
+    name: Build Agent Images
     runs-on: ubuntu-latest
 
     strategy:
       matrix:
         platform: ["windows"]
         arch: ["amd64"]
 
-    # required for AZ login/SP
-    permissions:
-      id-token: write
-      contents: read
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -71,19 +65,18 @@ jobs:
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
-
-      - name: Az CLI login
-        uses: azure/login@v2
-        with:
-            creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Log in to registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
 
       - name: Build/Push Images
         shell: bash
         run: |
           set -euo pipefail
-          az acr login -n ${{ secrets.ACR_NAME }}
           echo "TAG=$(make version)" >> $GITHUB_ENV
-          make retina-image-win PLATFORM=${{ matrix.platform }}/${{ matrix.arch }}
+          make retina-image-win \
+            IMAGE_NAMESPACE=${{ github.repository }} \
+            PLATFORM=${{ matrix.platform }}/${{ matrix.arch }}
 
   operator-images:
     name: Build Operator Images
@@ -94,11 +87,6 @@ jobs:
         platform: ["linux"]
         arch: ["amd64", "arm64"]
 
-    # required for AZ login/SP
-    permissions:
-      id-token: write
-      contents: read
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -110,19 +98,18 @@ jobs:
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
-
-      - name: Az CLI login
-        uses: azure/login@v2
-        with:
-            creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Log in to registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
 
       - name: Build/Push Images
         shell: bash
         run: |
           set -euo pipefail
-          az acr login -n ${{ secrets.ACR_NAME }}
           echo "TAG=$(make version)" >> $GITHUB_ENV
-          make retina-operator-image PLATFORM=${{ matrix.platform }}/${{ matrix.arch }}
+          make retina-operator-image \
+            IMAGE_NAMESPACE=${{ github.repository }} \
+            PLATFORM=${{ matrix.platform }}/${{ matrix.arch }}
 
   kubectl-retina-images:
     name: Build kubectl-retina Images
@@ -133,11 +120,6 @@ jobs:
         platform: ["linux"]
         arch: ["amd64", "arm64"]
 
-    # required for AZ login/SP
-    permissions:
-      id-token: write
-      contents: read
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -149,19 +131,18 @@ jobs:
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
-
-      - name: Az CLI login
-        uses: azure/login@v2
-        with:
-            creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Log in to registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
 
       - name: Build/Push Images
         shell: bash
         run: |
           set -euo pipefail
-          az acr login -n ${{ secrets.ACR_NAME }}
           echo "TAG=$(make version)" >> $GITHUB_ENV
-          make kubectl-retina-image PLATFORM=${{ matrix.platform }}/${{ matrix.arch }}
+          make kubectl-retina-image \
+            IMAGE_NAMESPACE=${{ github.repository }} \
+            PLATFORM=${{ matrix.platform }}/${{ matrix.arch }}
 
   manifests:
     name: Generate Manifests
@@ -172,26 +153,20 @@ jobs:
       matrix:
         component: ["retina", "operator", "kubectl-retina"]
 
-    # required for AZ login/SP
-    permissions:
-      id-token: write
-      contents: read
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
-
-      - name: Az CLI login
-        uses: azure/login@v2
-        with:
-            creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Log in to registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
 
       - name: Generate Manifests
         shell: bash
         run: |
           set -euo pipefail
-          az acr login -n ${{ secrets.ACR_NAME }}
-          make manifest COMPONENT=${{ matrix.component }}
+          make manifest \
+            IMAGE_NAMESPACE=${{ github.repository }} \
+            COMPONENT=${{ matrix.component }}

Makefile

@@ -26,17 +26,16 @@ GENERATE_TARGET_DIRS = \
 	./pkg/plugin/linuxutil
 
 # Default platform is linux/amd64
-GOOS ?= linux
-GOARCH ?= amd64
-IMAGE_REGISTRY    ?= acnpublic.azurecr.io
-OS                ?= $(GOOS)
-ARCH              ?= $(GOARCH)
-PLATFORM          ?= $(OS)/$(ARCH)
-PLATFORMS 		  ?= linux/amd64 linux/arm64 windows/amd64
+GOOS			?= linux
+GOARCH			?= amd64
+OS				?= $(GOOS)
+ARCH			?= $(GOARCH)
+PLATFORM		?= $(OS)/$(ARCH)
+PLATFORMS		?= linux/amd64 linux/arm64 windows/amd64
 
 CONTAINER_BUILDER ?= docker
 CONTAINER_RUNTIME ?= docker
-YEAR 			  ?=2022
+YEAR 			  ?= 2022
 
 ALL_ARCH.linux = amd64 arm64
 ALL_ARCH.windows = amd64
@@ -188,16 +187,19 @@ retina-capture-workload: ## build the Retina capture workload
 
 ##@ Containers
 
-RETINA_BUILDER_IMAGE = retina-builder
-RETINA_TOOLS_IMAGE = retina-tools
-RETINA_IMAGE = retina-agent
-RETINA_INIT_IMAGE = retina-init
-KUBECTL_RETINA_IMAGE=kubectl-retina
-RETINA_OPERATOR_IMAGE=retina-operator
-RETINA_INTEGRATION_TEST_IMAGE=retina-integration-test
-RETINA_PROTO_IMAGE=retina-proto-gen
-RETINA_GO_GEN_IMAGE=retina-go-gen
-KAPINGER_IMAGE = kapinger
+IMAGE_REGISTRY	?= ghcr.io
+IMAGE_NAMESPACE	?= $(git remote get-url origin | sed -e 's/[email protected]://g' -e 's/\.git$//') # attempts to extract the upstream for image namespacing
+
+RETINA_BUILDER_IMAGE			= $(IMAGE_NAMESPACE)/retina-builder
+RETINA_TOOLS_IMAGE				= $(IMAGE_NAMESPACE)/retina-tools
+RETINA_IMAGE 					= $(IMAGE_NAMESPACE)/retina-agent
+RETINA_INIT_IMAGE				= $(IMAGE_NAMESPACE)/retina-init
+KUBECTL_RETINA_IMAGE			= $(IMAGE_NAMESPACE)/kubectl-retina
+RETINA_OPERATOR_IMAGE			= $(IMAGE_NAMESPACE)/retina-operator
+RETINA_INTEGRATION_TEST_IMAGE	= $(IMAGE_NAMESPACE)/retina-integration-test
+RETINA_PROTO_IMAGE				= $(IMAGE_NAMESPACE)/retina-proto-gen
+RETINA_GO_GEN_IMAGE				= $(IMAGE_NAMESPACE)/retina-go-gen
+KAPINGER_IMAGE 					= $(IMAGE_NAMESPACE)/kapinger
 
 skopeo-export: # util target to copy a container from containers-storage to the docker daemon.
 	skopeo copy \