From 4feb90f19f37261cf935308a258159f65e00a229 Mon Sep 17 00:00:00 2001 From: Barry Chen Date: Mon, 5 Jan 2026 17:06:38 -0600 Subject: [PATCH] chore(ci): use gh actions to build and deploy to GAR and ghcr --- .circleci/config.yml | 134 ------------------------ .github/workflows/mozcloud-publish.yaml | 42 ++++++++ 2 files changed, 42 insertions(+), 134 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 80c62d47cd..8bd0003cbb 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -554,114 +554,6 @@ jobs: paths: - /home/circleci/cache - # Auth to GCR, tag and push image - deploy-spanner-to-gar: - executor: gcp-gcr/default - parameters: - image: - type: string - default: syncstorage-rs - registry-url: - type: string - default: us-docker.pkg.dev - gar-repo: - type: string - default: sync-prod - steps: - # Auth to GCR - # https://circleci.com/developer/orbs/orb/circleci/gcp-gcr#commands-gcr-auth - - gcp-gcr/gcr-auth: - registry-url: <> - use_oidc: true - - restore_cache: - key: spanner-{{ .Branch }}-{{ .Environment.CIRCLE_SHA1 }} - - run: - name: Restore Docker image cache - command: docker load -i /home/circleci/cache/docker.tar - - run: - name: Tag image - command: | - if [ "${CIRCLE_BRANCH}" == "master" ]; then - GAR_TAG="${CIRCLE_SHA1}" - fi - - if echo "${CIRCLE_BRANCH}" | grep '^feature\..*' > /dev/null; then - GAR_TAG="${CIRCLE_BRANCH}" - fi - - if [ -n "${CIRCLE_TAG}" ]; then - GAR_TAG="$CIRCLE_TAG" - fi - - if [ -n "${GAR_TAG}" ]; then - echo "export GAR_TAG=${GAR_TAG}" >> $BASH_ENV - echo "export GAR_IMAGE=\"<>/${GOOGLE_PROJECT_ID}/<>/<>\"" >> $BASH_ENV - source $BASH_ENV - docker tag app:build ${GAR_IMAGE}:${GAR_TAG} - else - echo "Not pushing to gar for tag=${CIRCLE_TAG} branch=${CIRCLE_BRANCH}" - fi - # Push image - # https://circleci.com/developer/orbs/orb/circleci/gcp-gcr#commands-push-image - - gcp-gcr/push-image: - image: <>/<> - registry-url: <> - tag: $GAR_TAG - - # Auth to GCR, tag and push image - deploy-postgres-to-gar: - executor: gcp-gcr/default - parameters: - image: - type: string - default: syncstorage-rs-postgres - registry-url: - type: string - default: us-docker.pkg.dev - gar-repo: - type: string - default: sync-prod - steps: - # Auth to GCR - # https://circleci.com/developer/orbs/orb/circleci/gcp-gcr#commands-gcr-auth - - gcp-gcr/gcr-auth: - registry-url: <> - use_oidc: true - - restore_cache: - key: postgres-{{ .Branch }}-{{ .Environment.CIRCLE_SHA1 }} - - run: - name: Restore Docker image cache - command: docker load -i /home/circleci/cache/docker.tar - - run: - name: Tag image - command: | - if [ "${CIRCLE_BRANCH}" == "master" ]; then - GAR_TAG="${CIRCLE_SHA1}" - fi - - if echo "${CIRCLE_BRANCH}" | grep '^feature\..*' > /dev/null; then - GAR_TAG="${CIRCLE_BRANCH}" - fi - - if [ -n "${CIRCLE_TAG}" ]; then - GAR_TAG="$CIRCLE_TAG" - fi - - if [ -n "${GAR_TAG}" ]; then - echo "export GAR_TAG=${GAR_TAG}" >> $BASH_ENV - echo "export GAR_IMAGE=\"<>/${GOOGLE_PROJECT_ID}/<>/<>\"" >> $BASH_ENV - source $BASH_ENV - docker tag app:build ${GAR_IMAGE}:${GAR_TAG} - else - echo "Not pushing to gar for tag=${CIRCLE_TAG} branch=${CIRCLE_BRANCH}" - fi - # Push image - # https://circleci.com/developer/orbs/orb/circleci/gcp-gcr#commands-push-image - - gcp-gcr/push-image: - image: <>/<> - registry-url: <> - tag: $GAR_TAG - mysql-e2e-tests: docker: - image: cimg/base:2025.04 @@ -941,32 +833,6 @@ workflows: only: /.*/ branches: only: master - - deploy-spanner-to-gar: - registry-url: us-docker.pkg.dev - gar-repo: sync-prod - image: syncstorage-rs - requires: - - mysql-e2e-tests - - postgres-e2e-tests - - spanner-e2e-tests - filters: - tags: - only: /.*/ - branches: - only: master - - deploy-postgres-to-gar: - registry-url: us-docker.pkg.dev - gar-repo: sync-prod - image: syncstorage-rs-postgres - requires: - - mysql-e2e-tests - - postgres-e2e-tests - - spanner-e2e-tests - filters: - tags: - only: /.*/ - branches: - only: master - deploy-spanner-python-utils: requires: - spanner-e2e-tests diff --git a/.github/workflows/mozcloud-publish.yaml b/.github/workflows/mozcloud-publish.yaml index b36632c57e..37e751b69b 100644 --- a/.github/workflows/mozcloud-publish.yaml +++ b/.github/workflows/mozcloud-publish.yaml @@ -5,12 +5,21 @@ on: types: [opened, labeled, unlabeled, synchronize] # paths: # - '**/sync*/**' + push: + branches: + - master + tags: + - '**' workflow_dispatch: {} jobs: build-and-push-syncstorage-rs: if: > github.event_name == 'workflow_dispatch' || + ( + github.event_name == 'push' && + (github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/')) + ) || ( github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'preview') && @@ -19,6 +28,7 @@ jobs: permissions: contents: read id-token: write + packages: write uses: mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@1b87069d293273436a84dff04954a8950d3ff9ca # v6.1.0 with: image_name: syncstorage-rs @@ -27,10 +37,15 @@ jobs: docker_build_args: | SYNCSTORAGE_DATABASE_BACKEND=spanner MYSQLCLIENT_PKG=libmysqlclient-dev + should_tag_ghcr: true build-and-push-syncstorage-rs-postgres: if: > github.event_name == 'workflow_dispatch' || + ( + github.event_name == 'push' && + (github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/')) + ) || ( github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'preview') && @@ -39,6 +54,7 @@ jobs: permissions: contents: read id-token: write + packages: write uses: mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@1b87069d293273436a84dff04954a8950d3ff9ca # v6.1.0 with: image_name: syncstorage-rs-postgres @@ -47,3 +63,29 @@ jobs: docker_build_args: | SYNCSTORAGE_DATABASE_BACKEND=postgres TOKENSERVER_DATABASE_BACKEND=postgres + should_tag_ghcr: true + + build-and-push-syncstorage-rs-spanner-python-utils: + if: > + github.event_name == 'workflow_dispatch' || + ( + github.event_name == 'push' && + startsWith(github.ref, 'refs/tags/') + ) || + ( + github.event_name == 'pull_request' && + contains(github.event.pull_request.labels.*.name, 'preview') && + github.event.pull_request.head.repo.full_name == github.repository + ) + permissions: + contents: read + id-token: write + packages: write + uses: mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@1b87069d293273436a84dff04954a8950d3ff9ca # v6.1.0 + with: + image_name: syncstorage-rs-spanner-python-utils + gar_name: sync-prod + project_id: moz-fx-sync-prod + dockerfile_path: tools/spanner/Dockerfile + image_build_context: tools/spanner + should_tag_ghcr: true