Migrate to Quay and ECR

trnubo · trnubo · commit 9351ca4b4705 · 2023-04-11T19:25:17.000+10:00
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
@@ -0,0 +1,103 @@
+name: build and push on main and tags
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+      - v[0-9]+.[0-9]+.[0-9]+-[0-9]+
+  pull_request:
+
+env:
+  GITHUB_ROLE_ARN: arn:aws:iam::461800378586:role/GitHubECRPublic
+
+permissions:
+  id-token: write   # Required for OIDC
+  contents: read    # This is required for actions/checkout
+
+jobs:
+  build_and_push:
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Get repo name
+        id: image_name
+        run: |
+          sed -E -e 's/docker-//' -e 's/^/image_name=/' <<<"${{ github.repository }}" >> "$GITHUB_OUTPUT"
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            quay.io/${{ steps.image_name.outputs.image_name }}
+            public.ecr.aws/${{ steps.image_name.outputs.image_name }}
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            # type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            # type=sha
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+
+      # The values provided to these two AWS steps are always the same for Panubo owned repos
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1-node16
+        with:
+          role-to-assume: ${{ env.GITHUB_ROLE_ARN }}
+          aws-region: us-east-1
+
+      - name: Login to ECR
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: public.ecr.aws
+
+      - name: Login to Quay.io
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.PANUBUILD_QUAYIO_USERNAME }}
+          password: ${{ secrets.PANUBUILD_QUAYIO_TOKEN }}
+
+      # - name: Setup BATS
+      #   uses: mig4/setup-bats@v1
+      #   with:
+      #     bats-version: 1.7.0
+
+      - name: Build and export to Docker
+        uses: docker/build-push-action@v4
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          cache-from: type=gha
+          load: true
+          tags: ${{ steps.image_name.outputs.image_name }}:test
+
+      # - name: Test
+      #   run: |
+      #     make _ci_test
+
+      - name: Build and Push
+        uses: docker/build-push-action@v3
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          push: ${{ github.event_name != 'pull_request' }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/dockerhub-build-push-multi-arch.yml b/.github/workflows/dockerhub-build-push-multi-arch.yml
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # SSHD
 
-Minimal Alpine Linux Docker image with `sshd` exposed and `rsync` installed.
+Minimal Alpine Linux Docker image with `sshd` exposed and `rsync` installed. The image is available on quay.io `quay.io/panubo/sshd` and AWS ECR Public `public.ecr.aws/panubo/sshd`.
 
 ## Environment Options
 
@@ -98,7 +98,7 @@ It is strongly recommend to pre-hash passwords. Passwords that are not hashed ar
 To generate a hashed password use `mkpasswd` which is available in this image or use [https://trnubo.github.io/passwd.html](https://trnubo.github.io/passwd.html) to generate a hash in your browser. Example use of `mkpasswd` below.
 
 ```
-$ docker run --rm -it --entrypoint /usr/bin/env docker.io/panubo/sshd:1.4.0 mkpasswd
+$ docker run --rm -it --entrypoint /usr/bin/env quay.io/panubo/sshd:1.6.0 mkpasswd
 Password:
 $6$w0ZvF/gERVgv08DI$PTq73dIcZLfMK/Kxlw7rWDvVcYvnWJuOWtxC7sXAYZL69CnItCS.QM.nTUyMzaT0aYjDBdbCH1hDiwbQE8/BY1
 ```
@@ -111,7 +111,7 @@ docker run -ti -p 2222:22 \
   -e SSH_USERS=user:1000:1000 \
   -e SSH_ENABLE_PASSWORD_AUTH=true \
   -v $(pwd)/entrypoint.d/:/etc/entrypoint.d/ \
-  docker.io/panubo/sshd:1.4.0
+  quay.io/panubo/sshd:1.6.0
 ```
 
 To enable password authentication on the root account, the previous `setpasswd.sh` script must also define a password for the root user, then
@@ -121,7 +121,7 @@ the command will be:
 docker run -ti -p 2222:22 \
   -e SSH_ENABLE_ROOT_PASSWORD_AUTH=true \
   -v $(pwd)/entrypoint.d/:/etc/entrypoint.d/ \
-  docker.io/panubo/sshd:1.3.0
+  quay.io/panubo/sshd:1.6.0
 ```
 
 ## Usage Example
@@ -138,7 +138,7 @@ docker run -ti -p 2222:22 \
   -v $(pwd)/keys/:/etc/ssh/keys \
   -v $(pwd)/data/:/data/ \
   -e SSH_ENABLE_ROOT=true \
-  docker.io/panubo/sshd:1.4.0
+  quay.io/panubo/sshd:1.6.0
 ```
 
 Create a `www` user with gid/uid 48. You can access with `ssh www@localhost -p 2222` using your private key.
@@ -149,7 +149,7 @@ docker run -ti -p 2222:22 \
   -v $(pwd)/keys/:/etc/ssh/keys \
   -v $(pwd)/data/:/data/ \
   -e SSH_USERS="www:48:48" \
-  docker.io/panubo/sshd:1.4.0
+  quay.io/panubo/sshd:1.6.0
 ```
 
 ## Releases
