From 7bf587af24d767b2bbb9eda0520ebb0229aa7622 Mon Sep 17 00:00:00 2001 From: Jens L Date: Mon, 11 Oct 2021 14:08:34 +0200 Subject: [PATCH] ci: push dev images to ghcr (#1591) * ci: push dev images to ghcr Signed-off-by: Jens Langhammer * *: use new ghcr images Signed-off-by: Jens Langhammer * website/docs: use ghcr proxy Signed-off-by: Jens Langhammer --- .github/workflows/ci-main.yml | 10 ++++----- .github/workflows/ci-outpost.yml | 12 +++++------ .github/workflows/ghcr-retention.yml | 21 +++++++++++++++++++ authentik/root/test_runner.py | 2 +- tests/e2e/test_provider_ldap.py | 2 +- tests/e2e/test_provider_proxy.py | 2 +- tests/integration/test_outpost_docker.py | 2 +- tests/integration/test_proxy_docker.py | 2 +- .../setup/frontend-only-dev-environment.md | 4 ++-- website/docs/installation/beta.mdx | 8 +++---- .../docs/integrations/services/minio/index.md | 2 +- 11 files changed, 44 insertions(+), 23 deletions(-) create mode 100644 .github/workflows/ghcr-retention.yml diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml index f40e291ae..0de437fa6 100644 --- a/.github/workflows/ci-main.yml +++ b/.github/workflows/ci-main.yml @@ -299,15 +299,15 @@ jobs: uses: docker/login-action@v1 if: ${{ steps.ev.outputs.shouldBuild == 'true' }} with: - registry: beryju.org - username: ${{ secrets.HARBOR_USERNAME }} - password: ${{ secrets.HARBOR_PASSWORD }} + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Building Docker Image uses: docker/build-push-action@v2 with: push: ${{ steps.ev.outputs.shouldBuild == 'true' }} tags: | - beryju.org/authentik/server:gh-${{ steps.ev.outputs.branchNameContainer }} - beryju.org/authentik/server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.sha }} + ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }} + ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.sha }} build-args: | GIT_BUILD_HASH=${{ steps.ev.outputs.sha }} diff --git a/.github/workflows/ci-outpost.yml b/.github/workflows/ci-outpost.yml index 16b1026c1..626804b97 100644 --- a/.github/workflows/ci-outpost.yml +++ b/.github/workflows/ci-outpost.yml @@ -53,17 +53,17 @@ jobs: uses: docker/login-action@v1 if: ${{ steps.ev.outputs.shouldBuild == 'true' }} with: - registry: beryju.org - username: ${{ secrets.HARBOR_USERNAME }} - password: ${{ secrets.HARBOR_PASSWORD }} + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Building Docker Image uses: docker/build-push-action@v2 with: push: ${{ steps.ev.outputs.shouldBuild == 'true' }} tags: | - beryju.org/authentik/outpost-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }} - beryju.org/authentik/outpost-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }} - beryju.org/authentik/outpost-${{ matrix.type }}:gh-${{ steps.ev.outputs.sha }} + ghcr.io/goauthentik/dev-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }} + ghcr.io/goauthentik/dev-${{ matrix.type }}:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }} + ghcr.io/goauthentik/dev-${{ matrix.type }}:gh-${{ steps.ev.outputs.sha }} file: ${{ matrix.type }}.Dockerfile build-args: | GIT_BUILD_HASH=${{ steps.ev.outputs.sha }} diff --git a/.github/workflows/ghcr-retention.yml b/.github/workflows/ghcr-retention.yml new file mode 100644 index 000000000..922aa412f --- /dev/null +++ b/.github/workflows/ghcr-retention.yml @@ -0,0 +1,21 @@ +name: ghcr-retention + +on: + schedule: + - cron: '0 0 * * *' # every day at midnight + +jobs: + clean-ghcr: + name: Delete old unused container images + runs-on: ubuntu-latest + steps: + - name: Delete 'dev' containers older than a week + uses: sondrelg/container-retention-policy@v1 + with: + image-names: dev-server,dev-ldap,dev-proxy + cut-off: One month ago UTC + account-type: org + org-name: goauthentik + untagged-only: false + token: ${{ secrets.GHCR_CLEANUP_TOKEN }} + skip-tags: gh-next,gh-master diff --git a/authentik/root/test_runner.py b/authentik/root/test_runner.py index dff172ea9..870574123 100644 --- a/authentik/root/test_runner.py +++ b/authentik/root/test_runner.py @@ -18,7 +18,7 @@ class PytestTestRunner: # pragma: no cover CONFIG.y_set("authentik.geoip", "tests/GeoLite2-City-Test.mmdb") CONFIG.y_set( "outposts.docker_image_base", - f"beryju.org/authentik/outpost-%(type)s:{get_docker_tag()}", + f"ghcr.io/goauthentik/dev-%(type)s:{get_docker_tag()}", ) def run_tests(self, test_labels): diff --git a/tests/e2e/test_provider_ldap.py b/tests/e2e/test_provider_ldap.py index a33223390..f34a7411d 100644 --- a/tests/e2e/test_provider_ldap.py +++ b/tests/e2e/test_provider_ldap.py @@ -33,7 +33,7 @@ class TestProviderLDAP(SeleniumTestCase): """Start ldap container based on outpost created""" client: DockerClient = from_env() container = client.containers.run( - image=self.get_container_image("beryju.org/authentik/outpost-ldap"), + image=self.get_container_image("ghcr.io/goauthentik/dev-ldap"), detach=True, network_mode="host", auto_remove=True, diff --git a/tests/e2e/test_provider_proxy.py b/tests/e2e/test_provider_proxy.py index 1bd260a64..e7b352b8d 100644 --- a/tests/e2e/test_provider_proxy.py +++ b/tests/e2e/test_provider_proxy.py @@ -42,7 +42,7 @@ class TestProviderProxy(SeleniumTestCase): """Start proxy container based on outpost created""" client: DockerClient = from_env() container = client.containers.run( - image=self.get_container_image("beryju.org/authentik/outpost-proxy"), + image=self.get_container_image("ghcr.io/goauthentik/dev-proxy"), detach=True, network_mode="host", auto_remove=True, diff --git a/tests/integration/test_outpost_docker.py b/tests/integration/test_outpost_docker.py index ddc6ff26b..e4c3bdca2 100644 --- a/tests/integration/test_outpost_docker.py +++ b/tests/integration/test_outpost_docker.py @@ -108,5 +108,5 @@ class OutpostDockerTests(TestCase): self.assertEqual(compose["version"], "3.5") self.assertEqual( compose["services"]["authentik_proxy"]["image"], - f"beryju.org/authentik/outpost-proxy:{get_docker_tag()}", + f"ghcr.io/goauthentik/dev-proxy:{get_docker_tag()}", ) diff --git a/tests/integration/test_proxy_docker.py b/tests/integration/test_proxy_docker.py index a0c9ae6d4..2c8bb17a2 100644 --- a/tests/integration/test_proxy_docker.py +++ b/tests/integration/test_proxy_docker.py @@ -108,5 +108,5 @@ class TestProxyDocker(TestCase): self.assertEqual(compose["version"], "3.5") self.assertEqual( compose["services"]["authentik_proxy"]["image"], - f"beryju.org/authentik/outpost-proxy:{get_docker_tag()}", + f"ghcr.io/goauthentik/dev-proxy:{get_docker_tag()}", ) diff --git a/website/developer-docs/setup/frontend-only-dev-environment.md b/website/developer-docs/setup/frontend-only-dev-environment.md index ef0aacac8..21edfd337 100644 --- a/website/developer-docs/setup/frontend-only-dev-environment.md +++ b/website/developer-docs/setup/frontend-only-dev-environment.md @@ -17,9 +17,9 @@ If you want to only make changes on the UI, you don't need a backend running fro 3. Add the following entry to your `.env` file: ``` - AUTHENTIK_IMAGE=beryju.org/authentik/server + AUTHENTIK_IMAGE=goauthentik.io/dev-server AUTHENTIK_TAG=gh-next - AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=beryju.org/authentik/outpost-%(type)s:gh-next + AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=goauthentik.io/dev-%(type)s:gh-next AUTHENTIK_LOG_LEVEL=debug AUTHENTIK_WEB_LOAD_LOCAL_FILES=true ``` diff --git a/website/docs/installation/beta.mdx b/website/docs/installation/beta.mdx index 4bfbf52d5..34c0599f9 100644 --- a/website/docs/installation/beta.mdx +++ b/website/docs/installation/beta.mdx @@ -17,9 +17,9 @@ import TabItem from '@theme/TabItem'; Add the following block to your `.env` file: ```shell -AUTHENTIK_IMAGE=beryju.org/authentik/server +AUTHENTIK_IMAGE=goauthentik.io/dev-server AUTHENTIK_TAG=gh-next -AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=beryju.org/authentik/outpost-%(type)s:gh-next +AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=goauthentik.io/dev-%(type)s:gh-next ``` Afterwards, run the upgrade commands from the latest releasae notes. @@ -30,9 +30,9 @@ Add the following block to your `values.yml` file: ```yaml authentik: outposts: - docker_image_base: beryju.org/authentik/outpost-%(type)s:gh-%(build_hash)s + docker_image_base: goauthentik.io/dev-%(type)s:gh-%(build_hash)s image: - repository: beryju.org/authentik/server + repository: goauthentik.io/dev-server tag: gh-next # pullPolicy: Always to ensure you always get the latest version pullPolicy: Always diff --git a/website/docs/integrations/services/minio/index.md b/website/docs/integrations/services/minio/index.md index ca26424ce..50bc6d321 100644 --- a/website/docs/integrations/services/minio/index.md +++ b/website/docs/integrations/services/minio/index.md @@ -39,7 +39,7 @@ Note the Client ID and Client Secret values. Create an application, using the pr ``` ~ mc admin config set myminio identity_openid \ - config_url="https://id.beryju.org/application/o//.well-known/openid-configuration" \ + config_url="https://authentik.company/application/o//.well-known/openid-configuration" \ client_id="" \ scopes="openid,profile,email,minio" ```