Minor fixes

michaelawyu · michaelawyu · commit ae5cce99128d · 2025-09-18T23:06:31.000+10:00
Signed-off-by: michaelawyu &lt;chenyu1@microsoft.com&gt;
diff --git a/.github/workflows/build-publish-mcr.yml b/.github/workflows/build-publish-mcr.yml
@@ -3,9 +3,11 @@
 
 name: Building and Pushing to MCR
 on:
-  pull_request:
-    branches:
-      - main
+  workflow_dispatch:
+    inputs:
+      releaseTag:
+        description: 'Release tag to publish images, defaults to the latest one'
+        type: string
 
 permissions:
   id-token: write
@@ -52,6 +54,59 @@ jobs:
           # NOTE: As exporting a variable from a secret is not possible, the shared variable registry obtained
           # from AZURE_REGISTRY secret is not exported from here.
 
+  publish-images-amd64:
+    runs-on:
+      labels: [self-hosted, "1ES.Pool=1es-aks-fleet-pool-ubuntu"]
+    needs: prepare-variables
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          ref: ${{ needs.prepare-variables.outputs.release_tag }}
+      - name: 'Login the ACR'
+        run: |
+          az login --identity 
+          az acr login -n ${{ secrets.AZURE_REGISTRY }}
+      - name: Build and publish hub-agent
+        run: |
+          make docker-build-hub-agent
+        env:
+          HUB_AGENT_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}-amd64
+          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
+      - name: Build and publish member-agent
+        run: |
+          make docker-build-member-agent
+        env:
+          MEMBER_AGENT_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}-amd64
+          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
+      - name: Build and publish refresh-token
+        run: |
+          make docker-build-refresh-token
+        env:
+          REFRESH_TOKEN_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}-amd64
+          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
+      - name: Build and publish crd-installer
+        run: |
+          make docker-build-crd-installer
+        env:
+          CRD_INSTALLER_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}-amd64
+          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
+      # Build Arc Extension for member clusters
+      # Arc-connected clusters can join fleets as member clusters through an Arc Extension.
+      # An Arc Extension is a packaged Helm chart that gets deployed to Arc clusters.
+      # This step packages both the fleet member agent and networking agents into a single
+      # Helm chart for Arc deployment, since Arc Extensions require all components to be bundled together.
+      - name: Build and publish ARC member cluster agents helm chart
+        run: |
+          make helm-package-arc-member-cluster-agents
+        env:
+          ARC_MEMBER_AGENT_HELMCHART_VERSION: ${{ needs.prepare-variables.outputs.arc_helmchart_version }}
+          MEMBER_AGENT_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}
+          REFRESH_TOKEN_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}
+          CRD_INSTALLER_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}
+          MCS_CONTROLLER_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.fleet_networking_version }}
+          MEMBER_NET_CONTROLLER_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.fleet_networking_version }}
+          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.ARC_REGISTRY_REPO}}
+
   publish-images-arm64:
     runs-on:
       labels: [self-hosted, "1ES.Pool=1es-aks-fleet-pool-ubuntu-arm64"]
@@ -65,9 +120,9 @@ jobs:
         # install it manually here.
         run:
           curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
-      - name: 'Set up dependencies'
+      - name: 'Set up build dependencies'
         # Note (chenyu1): the self-hosted 1ES ARM64 pool, for some reason, does not have the common build
-        # tools (e.g., make) installed by default; install the build-essential meta package to set them up.
+        # tools (e.g., make) installed by default; install them manually.
         run: |
           sudo apt-get update
           sudo apt-get install -y build-essential acl
@@ -88,29 +143,55 @@ jobs:
           sudo apt-get update
           sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
       - name: 'Enable Docker access'
+        # Note (chenyu1): there are situations where the newgrp command will not take effect; set access
+        # to the docker daemon directly just in case.
         run: |
           sudo groupadd docker || true
           echo "Adding $USER to the docker group"
           sudo usermod -aG docker $USER
-          groups $USER
-          whoami
           newgrp docker
           sudo setfacl --modify user:$USER:rw /var/run/docker.sock
       - name: 'Login the ACR'
-        # Note (chenyu1): must login with root privileges to have Docker access.
+        # Note (chenyu1): must not use root privileges; the system seems to have some trouble
+        # retrieving credentials when sudo is used.
         run: |
-          az login --identity
-          az acr login -n aksmcrimagescommon
+          sudo az login --identity
+          sudo az acr login -n ${{ secrets.AZURE_REGISTRY }}
       - name: 'Verify Docker CLI'
         # Note (chenyu1): the Docker installation has to be invoked with root privileges by default; for
         # simplicity reasons in this pipeline we will make no attempt to enable rootless Docker usage.
         run: |
-          docker version
-          docker info
+          sudo docker version
+          sudo docker info
+      - name: Build and publish hub-agent
+        # Note (chenyu1): must preserve the environment here.
+        run: |
+          sudo -E make docker-build-hub-agent
+        env:
+          HUB_AGENT_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}-arm64
+          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
+          TARGET_ARCH: arm64
+      - name: Build and publish member-agent
+        # Note (chenyu1): must preserve the environment here.
+        run: |
+          sudo -E make docker-build-member-agent
+        env:
+          MEMBER_AGENT_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}-arm64
+          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
+          TARGET_ARCH: arm64
       - name: Build and publish refresh-token
+        # Note (chenyu1): must preserve the environment here.
         run: |
-          make docker-build-refresh-token
+          sudo -E make docker-build-refresh-token
         env:
           REFRESH_TOKEN_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}-arm64
-          REGISTRY: aksmcrimagescommon.azurecr.io/public/aks/fleet
+          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
           TARGET_ARCH: arm64
+      - name: Build and publish crd-installer
+        # Note (chenyu1): must preserve the environment here.
+        run: |
+          sudo -E make docker-build-crd-installer
+        env:
+          CRD_INSTALLER_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}-arm64
+          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
+          TARGET_ARCH: arm64
