ci: push dev images to ghcr (#1591)

* ci: push dev images to ghcr

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: use new ghcr images

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: use ghcr proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens L 2021-10-11 14:08:34 +02:00 committed by GitHub
parent ef1cf7867c
commit 7bf587af24
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 44 additions and 23 deletions

View file

@ -299,15 +299,15 @@ jobs:
uses: docker/login-action@v1
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
with:
registry: beryju.org
username: ${{ secrets.HARBOR_USERNAME }}
password: ${{ secrets.HARBOR_PASSWORD }}
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Building Docker Image
uses: docker/build-push-action@v2
with:
push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
tags: |
beryju.org/authentik/server:gh-${{ steps.ev.outputs.branchNameContainer }}
beryju.org/authentik/server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.sha }}
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.sha }}
build-args: |
GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}

View file

@ -53,17 +53,17 @@ jobs:
uses: docker/login-action@v1
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
with:
registry: beryju.org
username: ${{ secrets.HARBOR_USERNAME }}
password: ${{ secrets.HARBOR_PASSWORD }}
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Building Docker Image
uses: docker/build-push-action@v2
with:
push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
tags: |
beryju.org/authentik/outpost-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }}
beryju.org/authentik/outpost-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}
beryju.org/authentik/outpost-${{ matrix.type }}:gh-${{ steps.ev.outputs.sha }}
ghcr.io/goauthentik/dev-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }}
ghcr.io/goauthentik/dev-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}
ghcr.io/goauthentik/dev-${{ matrix.type }}:gh-${{ steps.ev.outputs.sha }}
file: ${{ matrix.type }}.Dockerfile
build-args: |
GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}

21
.github/workflows/ghcr-retention.yml vendored Normal file
View file

@ -0,0 +1,21 @@
name: ghcr-retention
on:
schedule:
- cron: '0 0 * * *' # every day at midnight
jobs:
clean-ghcr:
name: Delete old unused container images
runs-on: ubuntu-latest
steps:
- name: Delete 'dev' containers older than a week
uses: sondrelg/container-retention-policy@v1
with:
image-names: dev-server,dev-ldap,dev-proxy
cut-off: One month ago UTC
account-type: org
org-name: goauthentik
untagged-only: false
token: ${{ secrets.GHCR_CLEANUP_TOKEN }}
skip-tags: gh-next,gh-master

View file

@ -18,7 +18,7 @@ class PytestTestRunner: # pragma: no cover
CONFIG.y_set("authentik.geoip", "tests/GeoLite2-City-Test.mmdb")
CONFIG.y_set(
"outposts.docker_image_base",
f"beryju.org/authentik/outpost-%(type)s:{get_docker_tag()}",
f"ghcr.io/goauthentik/dev-%(type)s:{get_docker_tag()}",
)
def run_tests(self, test_labels):

View file

@ -33,7 +33,7 @@ class TestProviderLDAP(SeleniumTestCase):
"""Start ldap container based on outpost created"""
client: DockerClient = from_env()
container = client.containers.run(
image=self.get_container_image("beryju.org/authentik/outpost-ldap"),
image=self.get_container_image("ghcr.io/goauthentik/dev-ldap"),
detach=True,
network_mode="host",
auto_remove=True,

View file

@ -42,7 +42,7 @@ class TestProviderProxy(SeleniumTestCase):
"""Start proxy container based on outpost created"""
client: DockerClient = from_env()
container = client.containers.run(
image=self.get_container_image("beryju.org/authentik/outpost-proxy"),
image=self.get_container_image("ghcr.io/goauthentik/dev-proxy"),
detach=True,
network_mode="host",
auto_remove=True,

View file

@ -108,5 +108,5 @@ class OutpostDockerTests(TestCase):
self.assertEqual(compose["version"], "3.5")
self.assertEqual(
compose["services"]["authentik_proxy"]["image"],
f"beryju.org/authentik/outpost-proxy:{get_docker_tag()}",
f"ghcr.io/goauthentik/dev-proxy:{get_docker_tag()}",
)

View file

@ -108,5 +108,5 @@ class TestProxyDocker(TestCase):
self.assertEqual(compose["version"], "3.5")
self.assertEqual(
compose["services"]["authentik_proxy"]["image"],
f"beryju.org/authentik/outpost-proxy:{get_docker_tag()}",
f"ghcr.io/goauthentik/dev-proxy:{get_docker_tag()}",
)

View file

@ -17,9 +17,9 @@ If you want to only make changes on the UI, you don't need a backend running fro
3. Add the following entry to your `.env` file:
```
AUTHENTIK_IMAGE=beryju.org/authentik/server
AUTHENTIK_IMAGE=goauthentik.io/dev-server
AUTHENTIK_TAG=gh-next
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=beryju.org/authentik/outpost-%(type)s:gh-next
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=goauthentik.io/dev-%(type)s:gh-next
AUTHENTIK_LOG_LEVEL=debug
AUTHENTIK_WEB_LOAD_LOCAL_FILES=true
```

View file

@ -17,9 +17,9 @@ import TabItem from '@theme/TabItem';
Add the following block to your `.env` file:
```shell
AUTHENTIK_IMAGE=beryju.org/authentik/server
AUTHENTIK_IMAGE=goauthentik.io/dev-server
AUTHENTIK_TAG=gh-next
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=beryju.org/authentik/outpost-%(type)s:gh-next
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=goauthentik.io/dev-%(type)s:gh-next
```
Afterwards, run the upgrade commands from the latest releasae notes.
@ -30,9 +30,9 @@ Add the following block to your `values.yml` file:
```yaml
authentik:
outposts:
docker_image_base: beryju.org/authentik/outpost-%(type)s:gh-%(build_hash)s
docker_image_base: goauthentik.io/dev-%(type)s:gh-%(build_hash)s
image:
repository: beryju.org/authentik/server
repository: goauthentik.io/dev-server
tag: gh-next
# pullPolicy: Always to ensure you always get the latest version
pullPolicy: Always

View file

@ -39,7 +39,7 @@ Note the Client ID and Client Secret values. Create an application, using the pr
```
~ mc admin config set myminio identity_openid \
config_url="https://id.beryju.org/application/o/<applicaiton-slug>/.well-known/openid-configuration" \
config_url="https://authentik.company/application/o/<applicaiton-slug>/.well-known/openid-configuration" \
client_id="<client id from above>" \
scopes="openid,profile,email,minio"
```