Skip to content
Building and Pushing to MCR

feat: add a multi-arch image manifest bundle creation step in the image build pipeline #216

Sign in to view logs

feat: add a multi-arch image manifest bundle creation step in the image build pipeline

feat: add a multi-arch image manifest bundle creation step in the image build pipeline #216

Workflow file for this run

.github/workflows/build-publish-mcr.yml at 1015317
# This Github Action will build and publish images to Azure Container Registry(ACR), from where the published images will be
# automatically pushed to the trusted registry, Microsoft Container Registry(MCR).
name: Building and Pushing to MCR
on:
pull_request:
branches:
- main
permissions:
id-token: write
contents: read
env:
# `public` indicates images to MCR will be publicly available, and will be removed in the final MCR images
REGISTRY_REPO: public/aks/fleet
ARC_REGISTRY_REPO: public/microsoft.fleetmember
jobs:
prepare-variables:
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.vars.outputs.release_tag }}
fleet_networking_version: ${{ steps.vars.outputs.fleet_networking_version }}
arc_helmchart_version: ${{ steps.vars.outputs.arc_helmchart_version }}
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
- name: 'Set output variables'
id: vars
run: |
# set the image version
RELEASE_TAG=${{ inputs.releaseTag }}
if [ -z "$RELEASE_TAG" ]; then
RELEASE_TAG=`git describe --tags $(git rev-list --tags --max-count=1)`
echo "The user input release tag is empty, will use the latest tag $RELEASE_TAG."
fi
echo "release_tag=$RELEASE_TAG" >> $GITHUB_OUTPUT
# Strip 'v' prefix from RELEASE_TAG for helm chart version
ARC_HELMCHART_VERSION="${RELEASE_TAG#v}"
echo "arc_helmchart_version=$ARC_HELMCHART_VERSION" >> $GITHUB_OUTPUT
echo "Using Arc Helm Chart version: $ARC_HELMCHART_VERSION"
# Fetch the latest fleet-networking version
# NOTE: The fleet-networking image must be cut and pushed to MCR first before retrieving this version
FLEET_NETWORKING_VERSION="${FLEET_NETWORKING_VERSION:-$(curl "https://api.github.com/repos/Azure/fleet-networking/tags" | jq -r '.[0].name')}"
echo "fleet_networking_version=$FLEET_NETWORKING_VERSION" >> $GITHUB_OUTPUT
echo "Using Fleet Networking version: $FLEET_NETWORKING_VERSION"
# NOTE: As exporting a variable from a secret is not possible, the shared variable registry obtained
# from AZURE_REGISTRY secret is not exported from here.
create-image-manifest-bundle:
runs-on:
# Use the x86_64 1ES pool to run this job; in theory it can be run on the ARM64 1ES pool as well.
labels: [self-hosted, "1ES.Pool=1es-aks-fleet-pool-ubuntu"]
needs: prepare-variables
#needs: [publish-images-amd64, publish-images-arm64]
steps:
- name: 'Wait until images are processed'
run: |
echo "Waiting for 10 minutes to ensure that images are fully processed in MCR"
sleep 10
- name: 'Login the ACR'
run: |
az login --identity
az acr login -n aksmcrimagescommon
- name: 'Pull the refresh token images from MCR'
run: |
docker pull aksmcrimagescommon.azurecr.io/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-amd64
docker pull --platform linux/arm64 aksmcrimagescommon.azurecr.io/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-arm64
- name: 'Create and push multi-arch image manifests for the refresh token image'
run: |
docker manifest create aksmcrimagescommon.azurecr.io/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }} \
--amend aksmcrimagescommon.azurecr.io/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-amd64 \
--amend aksmcrimagescommon.azurecr.io/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-arm64
docker manifest push aksmcrimagescommon.azurecr.io/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}