ci: push dev images to ghcr (#1591)
* ci: push dev images to ghcr Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * *: use new ghcr images Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: use ghcr proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
ef1cf7867c
commit
7bf587af24
10
.github/workflows/ci-main.yml
vendored
10
.github/workflows/ci-main.yml
vendored
|
@ -299,15 +299,15 @@ jobs:
|
|||
uses: docker/login-action@v1
|
||||
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
||||
with:
|
||||
registry: beryju.org
|
||||
username: ${{ secrets.HARBOR_USERNAME }}
|
||||
password: ${{ secrets.HARBOR_PASSWORD }}
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Building Docker Image
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
||||
tags: |
|
||||
beryju.org/authentik/server:gh-${{ steps.ev.outputs.branchNameContainer }}
|
||||
beryju.org/authentik/server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.sha }}
|
||||
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}
|
||||
ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.sha }}
|
||||
build-args: |
|
||||
GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}
|
||||
|
|
12
.github/workflows/ci-outpost.yml
vendored
12
.github/workflows/ci-outpost.yml
vendored
|
@ -53,17 +53,17 @@ jobs:
|
|||
uses: docker/login-action@v1
|
||||
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
||||
with:
|
||||
registry: beryju.org
|
||||
username: ${{ secrets.HARBOR_USERNAME }}
|
||||
password: ${{ secrets.HARBOR_PASSWORD }}
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Building Docker Image
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
||||
tags: |
|
||||
beryju.org/authentik/outpost-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }}
|
||||
beryju.org/authentik/outpost-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}
|
||||
beryju.org/authentik/outpost-${{ matrix.type }}:gh-${{ steps.ev.outputs.sha }}
|
||||
ghcr.io/goauthentik/dev-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }}
|
||||
ghcr.io/goauthentik/dev-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}
|
||||
ghcr.io/goauthentik/dev-${{ matrix.type }}:gh-${{ steps.ev.outputs.sha }}
|
||||
file: ${{ matrix.type }}.Dockerfile
|
||||
build-args: |
|
||||
GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}
|
||||
|
|
21
.github/workflows/ghcr-retention.yml
vendored
Normal file
21
.github/workflows/ghcr-retention.yml
vendored
Normal file
|
@ -0,0 +1,21 @@
|
|||
name: ghcr-retention
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 0 * * *' # every day at midnight
|
||||
|
||||
jobs:
|
||||
clean-ghcr:
|
||||
name: Delete old unused container images
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Delete 'dev' containers older than a week
|
||||
uses: sondrelg/container-retention-policy@v1
|
||||
with:
|
||||
image-names: dev-server,dev-ldap,dev-proxy
|
||||
cut-off: One month ago UTC
|
||||
account-type: org
|
||||
org-name: goauthentik
|
||||
untagged-only: false
|
||||
token: ${{ secrets.GHCR_CLEANUP_TOKEN }}
|
||||
skip-tags: gh-next,gh-master
|
|
@ -18,7 +18,7 @@ class PytestTestRunner: # pragma: no cover
|
|||
CONFIG.y_set("authentik.geoip", "tests/GeoLite2-City-Test.mmdb")
|
||||
CONFIG.y_set(
|
||||
"outposts.docker_image_base",
|
||||
f"beryju.org/authentik/outpost-%(type)s:{get_docker_tag()}",
|
||||
f"ghcr.io/goauthentik/dev-%(type)s:{get_docker_tag()}",
|
||||
)
|
||||
|
||||
def run_tests(self, test_labels):
|
||||
|
|
|
@ -33,7 +33,7 @@ class TestProviderLDAP(SeleniumTestCase):
|
|||
"""Start ldap container based on outpost created"""
|
||||
client: DockerClient = from_env()
|
||||
container = client.containers.run(
|
||||
image=self.get_container_image("beryju.org/authentik/outpost-ldap"),
|
||||
image=self.get_container_image("ghcr.io/goauthentik/dev-ldap"),
|
||||
detach=True,
|
||||
network_mode="host",
|
||||
auto_remove=True,
|
||||
|
|
|
@ -42,7 +42,7 @@ class TestProviderProxy(SeleniumTestCase):
|
|||
"""Start proxy container based on outpost created"""
|
||||
client: DockerClient = from_env()
|
||||
container = client.containers.run(
|
||||
image=self.get_container_image("beryju.org/authentik/outpost-proxy"),
|
||||
image=self.get_container_image("ghcr.io/goauthentik/dev-proxy"),
|
||||
detach=True,
|
||||
network_mode="host",
|
||||
auto_remove=True,
|
||||
|
|
|
@ -108,5 +108,5 @@ class OutpostDockerTests(TestCase):
|
|||
self.assertEqual(compose["version"], "3.5")
|
||||
self.assertEqual(
|
||||
compose["services"]["authentik_proxy"]["image"],
|
||||
f"beryju.org/authentik/outpost-proxy:{get_docker_tag()}",
|
||||
f"ghcr.io/goauthentik/dev-proxy:{get_docker_tag()}",
|
||||
)
|
||||
|
|
|
@ -108,5 +108,5 @@ class TestProxyDocker(TestCase):
|
|||
self.assertEqual(compose["version"], "3.5")
|
||||
self.assertEqual(
|
||||
compose["services"]["authentik_proxy"]["image"],
|
||||
f"beryju.org/authentik/outpost-proxy:{get_docker_tag()}",
|
||||
f"ghcr.io/goauthentik/dev-proxy:{get_docker_tag()}",
|
||||
)
|
||||
|
|
|
@ -17,9 +17,9 @@ If you want to only make changes on the UI, you don't need a backend running fro
|
|||
3. Add the following entry to your `.env` file:
|
||||
|
||||
```
|
||||
AUTHENTIK_IMAGE=beryju.org/authentik/server
|
||||
AUTHENTIK_IMAGE=goauthentik.io/dev-server
|
||||
AUTHENTIK_TAG=gh-next
|
||||
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=beryju.org/authentik/outpost-%(type)s:gh-next
|
||||
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=goauthentik.io/dev-%(type)s:gh-next
|
||||
AUTHENTIK_LOG_LEVEL=debug
|
||||
AUTHENTIK_WEB_LOAD_LOCAL_FILES=true
|
||||
```
|
||||
|
|
|
@ -17,9 +17,9 @@ import TabItem from '@theme/TabItem';
|
|||
Add the following block to your `.env` file:
|
||||
|
||||
```shell
|
||||
AUTHENTIK_IMAGE=beryju.org/authentik/server
|
||||
AUTHENTIK_IMAGE=goauthentik.io/dev-server
|
||||
AUTHENTIK_TAG=gh-next
|
||||
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=beryju.org/authentik/outpost-%(type)s:gh-next
|
||||
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=goauthentik.io/dev-%(type)s:gh-next
|
||||
```
|
||||
|
||||
Afterwards, run the upgrade commands from the latest releasae notes.
|
||||
|
@ -30,9 +30,9 @@ Add the following block to your `values.yml` file:
|
|||
```yaml
|
||||
authentik:
|
||||
outposts:
|
||||
docker_image_base: beryju.org/authentik/outpost-%(type)s:gh-%(build_hash)s
|
||||
docker_image_base: goauthentik.io/dev-%(type)s:gh-%(build_hash)s
|
||||
image:
|
||||
repository: beryju.org/authentik/server
|
||||
repository: goauthentik.io/dev-server
|
||||
tag: gh-next
|
||||
# pullPolicy: Always to ensure you always get the latest version
|
||||
pullPolicy: Always
|
||||
|
|
|
@ -39,7 +39,7 @@ Note the Client ID and Client Secret values. Create an application, using the pr
|
|||
|
||||
```
|
||||
~ mc admin config set myminio identity_openid \
|
||||
config_url="https://id.beryju.org/application/o/<applicaiton-slug>/.well-known/openid-configuration" \
|
||||
config_url="https://authentik.company/application/o/<applicaiton-slug>/.well-known/openid-configuration" \
|
||||
client_id="<client id from above>" \
|
||||
scopes="openid,profile,email,minio"
|
||||
```
|
||||
|
|
Reference in a new issue