33
44name : Building and Pushing to MCR
55on :
6- workflow_dispatch :
7- inputs :
8- releaseTag :
9- description : ' Release tag to publish images, defaults to the latest one'
10- type : string
6+ pull_request :
7+ branches :
8+ - main
119
1210permissions :
1311 id-token : write
@@ -54,144 +52,57 @@ jobs:
5452 # NOTE: As exporting a variable from a secret is not possible, the shared variable registry obtained
5553 # from AZURE_REGISTRY secret is not exported from here.
5654
57- publish-images-amd64 :
55+ create-image-manifest-bundle :
5856 runs-on :
57+ # Use the x86_64 1ES pool to run this job; in theory it can be run on the ARM64 1ES pool as well.
5958 labels : [self-hosted, "1ES.Pool=1es-aks-fleet-pool-ubuntu"]
60- needs : prepare-variables
59+ # needs: [publish-images-amd64, publish-images-arm64]
6160 steps :
62- - uses : actions/checkout@v5
63- with :
64- ref : ${{ needs.prepare-variables.outputs.release_tag }}
65- - name : ' Login the ACR'
66- run : |
67- az login --identity
68- az acr login -n ${{ secrets.AZURE_REGISTRY }}
69- - name : Build and publish hub-agent
70- run : |
71- make docker-build-hub-agent
72- env :
73- HUB_AGENT_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}-amd64
74- REGISTRY : ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
75- - name : Build and publish member-agent
76- run : |
77- make docker-build-member-agent
78- env :
79- MEMBER_AGENT_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}-amd64
80- REGISTRY : ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
81- - name : Build and publish refresh-token
82- run : |
83- make docker-build-refresh-token
84- env :
85- REFRESH_TOKEN_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}-amd64
86- REGISTRY : ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
87- - name : Build and publish crd-installer
88- run : |
89- make docker-build-crd-installer
90- env :
91- CRD_INSTALLER_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}-amd64
92- REGISTRY : ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
93- # Build Arc Extension for member clusters
94- # Arc-connected clusters can join fleets as member clusters through an Arc Extension.
95- # An Arc Extension is a packaged Helm chart that gets deployed to Arc clusters.
96- # This step packages both the fleet member agent and networking agents into a single
97- # Helm chart for Arc deployment, since Arc Extensions require all components to be bundled together.
98- - name : Build and publish ARC member cluster agents helm chart
99- run : |
100- make helm-package-arc-member-cluster-agents
101- env :
102- ARC_MEMBER_AGENT_HELMCHART_VERSION : ${{ needs.prepare-variables.outputs.arc_helmchart_version }}
103- MEMBER_AGENT_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}
104- REFRESH_TOKEN_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}
105- CRD_INSTALLER_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}
106- MCS_CONTROLLER_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.fleet_networking_version }}
107- MEMBER_NET_CONTROLLER_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.fleet_networking_version }}
108- REGISTRY : ${{ secrets.AZURE_REGISTRY }}/${{ env.ARC_REGISTRY_REPO}}
109-
110- publish-images-arm64 :
111- runs-on :
112- labels : [self-hosted, "1ES.Pool=1es-aks-fleet-pool-ubuntu-arm64"]
113- needs : prepare-variables
114- steps :
115- - uses : actions/checkout@v5
116- with :
117- ref : ${{ needs.prepare-variables.outputs.release_tag }}
118- - name : ' Install the Azure CLI'
119- # Note (chenyu1): the self-hosted 1ES ARM64 pool, for some reason, does not have Azure CLI installed by default;
120- # install it manually here.
121- run :
122- curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
123- - name : ' Set up build dependencies'
124- # Note (chenyu1): the self-hosted 1ES ARM64 pool, for some reason, does not have the common build
125- # tools (e.g., make) installed by default; install them manually.
126- run : |
127- sudo apt-get update
128- sudo apt-get install -y build-essential acl
129- - name : ' Set up Docker'
130- # Note (chenyu1): the self-hosted 1ES ARM64 pool, for some reason, does not have Docker installed by default,
131- # and cannot have Docker installed via the docker/setup-docker-action Github Action, hence the manual setup
132- # steps here.
133- run : |
134- sudo apt-get update
135- sudo apt-get -y install ca-certificates curl
136- sudo install -m 0755 -d /etc/apt/keyrings
137- sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
138- sudo chmod a+r /etc/apt/keyrings/docker.asc
139- echo \
140- "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
141- $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
142- sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
143- sudo apt-get update
144- sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
145- - name : ' Enable Docker access'
146- # Note (chenyu1): there are situations where the newgrp command will not take effect; set access
147- # to the docker daemon directly just in case.
148- run : |
149- sudo groupadd docker || true
150- echo "Adding $USER to the docker group"
151- sudo usermod -aG docker $USER
152- newgrp docker
153- sudo setfacl --modify user:$USER:rw /var/run/docker.sock
154- - name : ' Login the ACR'
155- # Note (chenyu1): must not use root privileges; the system seems to have some trouble
156- # retrieving credentials when sudo is used.
157- run : |
158- sudo az login --identity
159- sudo az acr login -n ${{ secrets.AZURE_REGISTRY }}
160- - name : ' Verify Docker CLI'
161- # Note (chenyu1): the Docker installation has to be invoked with root privileges by default; for
162- # simplicity reasons in this pipeline we will make no attempt to enable rootless Docker usage.
163- run : |
164- sudo docker version
165- sudo docker info
166- - name : Build and publish hub-agent
167- # Note (chenyu1): must preserve the environment here.
168- run : |
169- sudo -E make docker-build-hub-agent
170- env :
171- HUB_AGENT_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}-arm64
172- REGISTRY : ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
173- TARGET_ARCH : arm64
174- - name : Build and publish member-agent
175- # Note (chenyu1): must preserve the environment here.
176- run : |
177- sudo -E make docker-build-member-agent
178- env :
179- MEMBER_AGENT_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}-arm64
180- REGISTRY : ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
181- TARGET_ARCH : arm64
182- - name : Build and publish refresh-token
183- # Note (chenyu1): must preserve the environment here.
184- run : |
185- sudo -E make docker-build-refresh-token
186- env :
187- REFRESH_TOKEN_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}-arm64
188- REGISTRY : ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
189- TARGET_ARCH : arm64
190- - name : Build and publish crd-installer
191- # Note (chenyu1): must preserve the environment here.
192- run : |
193- sudo -E make docker-build-crd-installer
194- env :
195- CRD_INSTALLER_IMAGE_VERSION : ${{ needs.prepare-variables.outputs.release_tag }}-arm64
196- REGISTRY : ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
197- TARGET_ARCH : arm64
61+ - name : ' Wait until images are processed'
62+ run : |
63+ echo "Waiting for 10 minutes to ensure that images are fully processed in MCR"
64+ sleep 600
65+ - name : ' Login the ACR'
66+ run : |
67+ az login --identity
68+ az acr login -n ${{ secrets.AZURE_REGISTRY }}
69+ - name : ' Pull the hub agent images from MCR'
70+ run : |
71+ docker pull ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/hub-agent:${{ needs.prepare-variables.outputs.release_tag }}-amd64
72+ docker pull ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/hub-agent:${{ needs.prepare-variables.outputs.release_tag }}-arm64
73+ - name : ' Create and push multi-arch image manifests'
74+ run : |
75+ docker manifest create ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/hub-agent:${{ needs.prepare-variables.outputs.release_tag }} \
76+ --amend ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/hub-agent:${{ needs.prepare-variables.outputs.release_tag }}-amd64 \
77+ --amend ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/hub-agent:${{ needs.prepare-variables.outputs.release_tag }}-arm64
78+ docker manifest push ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/hub-agent:${{ needs.prepare-variables.outputs.release_tag }}
79+ - name : ' Pull the member agent images from MCR'
80+ run : |
81+ docker pull ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/member-agent:${{ needs.prepare-variables.outputs.release_tag }}-amd64
82+ docker pull ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/member-agent:${{ needs.prepare-variables.outputs.release_tag }}-arm64
83+ - name : ' Create and push multi-arch image manifests'
84+ run : |
85+ docker manifest create ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/member-agent:${{ needs.prepare-variables.outputs.release_tag }} \
86+ --amend ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/member-agent:${{ needs.prepare-variables.outputs.release_tag }}-amd64 \
87+ --amend ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/member-agent:${{ needs.prepare-variables.outputs.release_tag }}-arm64
88+ docker manifest push ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/member-agent:${{ needs.prepare-variables.outputs.release_tag }}
89+ - name : ' Pull the refresh token images from MCR'
90+ run : |
91+ docker pull ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-amd64
92+ docker pull ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-arm64
93+ - name : ' Create and push multi-arch image manifests'
94+ run : |
95+ docker manifest create ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }} \
96+ --amend ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-amd64 \
97+ --amend ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}-arm64
98+ docker manifest push ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/refresh-token:${{ needs.prepare-variables.outputs.release_tag }}
99+ - name : ' Pull the crd installer images from MCR'
100+ run : |
101+ docker pull ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/crd-installer:${{ needs.prepare-variables.outputs.release_tag }}-amd64
102+ docker pull ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/crd-installer:${{ needs.prepare-variables.outputs.release_tag }}-arm64
103+ - name : ' Create and push multi-arch image manifests'
104+ run : |
105+ docker manifest create ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/crd-installer:${{ needs.prepare-variables.outputs.release_tag }} \
106+ --amend ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/crd-installer:${{ needs.prepare-variables.outputs.release_tag }}-amd64 \
107+ --amend ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/crd-installer:${{ needs.prepare-variables.outputs.release_tag }}-arm64
108+ docker manifest push ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}/crd-installer:${{ needs.prepare-variables.outputs.release_tag }}
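Review bot: `create-image-manifest-bundle` still expands `${{ needs.prepare-variables.outputs.release_tag }}` in every `docker pull` and `docker manifest` step, but its `needs` line is commented out, and the `needs` context only carries jobs the current job directly depends on. The tag therefore resolves to an empty string and the references become `hub-agent:-amd64` and `hub-agent:`; restore the dependency with `needs: [prepare-variables]`, assuming that job still exists above the hunk. Separately, the trigger at the top of the file is now `pull_request` on `main`, so a job that runs `az login --identity` and `docker manifest push` on a self-hosted pool becomes reachable from any pull request. If that is only for testing, gate the job with `if: github.event_name == 'workflow_dispatch'` or keep the publish path on a manually dispatched trigger before merging. The tag and registry values would also be safer passed through `env:` and quoted in the script than interpolated directly into the `run:` text.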