1- # This Github Action will build and publish images to Azure Container Registry(ACR), from where the published images will be
2- # automatically pushed to the trusted registry, Microsoft Container Registry(MCR).
1+ # This Github Action will build and publish images to Azure Container Registry (ACR), from where the published images will be
2+ # automatically pushed to the trusted registry, Microsoft Container Registry (MCR).
3+
4+ # TO-DO (chenyu1): evaluate if we need to hide arch-specific images in ACR.
35
46name : Building and Pushing to MCR
57on :
@@ -188,4 +190,69 @@ jobs:
188190 env :
189191 CRD_INSTALLER_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}-arm64
190192 REGISTRY : ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
191- TARGET_ARCH : arm64
193+ TARGET_ARCH : arm64
194+
195+ create-image-manifest-bundle :
196+ runs-on :
197+ # Use the x86_64 1ES pool to run this job; in theory it can be run on the ARM64 1ES pool as well.
198+ labels : [self-hosted, "1ES.Pool=1es-aks-fleet-pool-ubuntu"]
199+ needs : [prepare-variables, publish-images-amd64, publish-images-arm64]
200+ steps :
201+ - name : ' Wait until images are processed'
202+ # Note (chenyu1): as we are pulling from ACR rather than MCR, the images should be available almost
203+ # immediately after the push is done; the delay is added here as a precaution.
204+ run : |
205+ echo "Waiting for 3 minutes to ensure that images are fully processed"
206+ sleep 180
207+ - name : ' Login the ACR'
208+ run : |
209+ az login --identity
210+ az acr login -n ${{ secrets.AZURE_REGISTRY }}
211+ - name : ' Pull the hub agent images from ACR'
212+ # Note (chenyu1): must set the target platform explictly.
213+ run : |
214+ docker pull --platform linux/amd64 ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/hub-agent:${{ needs.prepare-variables.outputs.release_tag }}-amd64
215+ docker pull --platform linux/arm64 ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/hub-agent:${{ needs.prepare-variables.outputs.release_tag }}-arm64
216+ - name : ' Create and push multi-arch image manifests for the hub agent image'
217+ # Note (chenyu1): use `docker buildx imagetools create`, otherwise attestations cannot be perserved.
218+ run : |
219+ docker buildx imagetools create \
220+ -t ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/hub-agent:${{ needs.prepare-variables.outputs.release_tag }} \
221+ ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/hub-agent:${{ needs.prepare-variables.outputs.release_tag }}-amd64 \
222+ ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/hub-agent:${{ needs.prepare-variables.outputs.release_tag }}-arm64
223+ - name : ' Pull the member agent images from ACR'
224+ # Note (chenyu1): must set the target platform explictly.
225+ run : |
226+ docker pull --platform linux/amd64 ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/member-agent:${{ needs.prepare-variables.outputs.release_tag }}-amd64
227+ docker pull --platform linux/arm64 ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/member-agent:${{ needs.prepare-variables.outputs.release_tag }}-arm64
228+ - name : ' Create and push multi-arch image manifests for the member agent image'
229+ # Note (chenyu1): use `docker buildx imagetools create`, otherwise attestations cannot be perserved.
230+ run : |
231+ docker buildx imagetools create \
232+ -t ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/member-agent:${{ needs.prepare-variables.outputs.release_tag }} \
233+ ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/member-agent:${{ needs.prepare-variables.outputs.release_tag }}-amd64 \
234+ ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/member-agent:${{ needs.prepare-variables.outputs.release_tag }}-arm64
235+ - name : ' Pull the refresh token images from ACR'
236+ # Note (chenyu1): must set the target platform explictly.
237+ run : |
238+ docker pull --platform linux/amd64 ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-amd64
239+ docker pull --platform linux/arm64 ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-arm64
240+ - name : ' Create and push multi-arch image manifests for the refresh token image'
241+ # Note (chenyu1): use `docker buildx imagetools create`, otherwise attestations cannot be perserved.
242+ run : |
243+ docker buildx imagetools create \
244+ -t ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }} \
245+ ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-amd64 \
246+ ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-arm64
247+ - name : ' Pull the crd installer images from ACR'
248+ # Note (chenyu1): must set the target platform explictly.
249+ run : |
250+ docker pull --platform linux/amd64 ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/crd-installer:${{ needs.prepare-variables.outputs.release_tag }}-amd64
251+ docker pull --platform linux/arm64 ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/crd-installer:${{ needs.prepare-variables.outputs.release_tag }}-arm64
252+ - name : ' Create and push multi-arch image manifests for the crd installer image'
253+ # Note (chenyu1): use `docker buildx imagetools create`, otherwise attestations cannot be perserved.
254+ run : |
255+ docker buildx imagetools create \
256+ -t ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/crd-installer:${{ needs.prepare-variables.outputs.release_tag }} \
257+ ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/crd-installer:${{ needs.prepare-variables.outputs.release_tag }}-amd64 \
258+ ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/crd-installer:${{ needs.prepare-variables.outputs.release_tag }}-arm64
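Review bot: Every `run:` script in the new create-image-manifest-bundle job splices `${{ needs.prepare-variables.outputs.release_tag }}` straight into shell text. If that output derives from a git ref or a dispatch input (prepare-variables is outside this hunk), its value would be interpreted as shell on a self-hosted runner that has just run `az login --identity`. Passing it through the step environment keeps it as data: give each step an `env:` entry `RELEASE_TAG: ${{ needs.prepare-variables.outputs.release_tag }}` and reference `"$RELEASE_TAG"` in the script. Separately, the manifest lists are assembled from the mutable `-amd64`/`-arm64` tags after a three-minute wait, so they are not guaranteed to reference the exact images the two publish jobs pushed; exporting each image digest as a job output and passing `repo@sha256:<digest>` to `docker buildx imagetools create` would pin them. The `docker pull` steps do not feed `imagetools create`, which works against the registry, so they act only as an existence check that `docker buildx imagetools inspect` could do without downloading layers.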