toil: remove push image promotion (#95)

lucaspin · web-flow · commit a4810c1dc2d7 · 2025-03-06T08:14:50.000-03:00
diff --git a/.semaphore/env-create.yml b/.semaphore/env-create.yml
@@ -43,7 +43,6 @@ blocks:
             - terraform init
             - make helm.install
       secrets:
-        - name: container-registry-writer
         - name: e2e-test-github-app-${{parameters.CLOUD_TEST_ENV_PREFIX}}
         - name: e2e-test-gitlab-app-${{parameters.CLOUD_TEST_ENV_PREFIX}}
   - name: Update DNS
diff --git a/.semaphore/generate-helm-chart.yml b/.semaphore/generate-helm-chart.yml
@@ -7,8 +7,6 @@ agent:
 blocks:
   - name: Build images
     task:
-      secrets:
-        - name: semreg-semaphoredev-credentials
       env_vars:
         - name: RAILS_ENV
           value: "production"
@@ -60,15 +58,14 @@ blocks:
           commands:
             - checkout
             - if git rev-parse --is-shallow-repository | grep -q true; then git fetch --unshallow --tags; else git fetch --tags; fi
-            - echo $SEMAPHORE_REGISTRY_PASSWORD | docker login --username "$SEMAPHORE_REGISTRY_USERNAME" --password-stdin $SEMAPHORE_REGISTRY_HOST || echo "Semaphore Registry login failed, but continuing the build process." && true
-            - export REGISTRY_HOST=$SEMAPHORE_REGISTRY_HOST
             - export APP_NAME=$(jq -r --arg application "$APPLICATION" '.services[$application][]["app"]' .semaphore/services.json)
             - cd $(jq -r --arg application "$APPLICATION" '.services[$application][]["path"]' .semaphore/services.json)
-            - make build
+            - make build NO_BUILD_CACHE=true
             - 'if [[ -n $SEMAPHORE_GIT_TAG_NAME ]]; then make configure.sign; fi'
-            - make ghcr.configure
-            - make ghcr.push
-            - 'if [[ -n $SEMAPHORE_GIT_TAG_NAME ]]; then make ghcr.sign; fi'
+            - export REGISTRY_HOST=ghcr.io/semaphoreio
+            - make registry.configure
+            - make registry.push
+            - 'if [[ -n $SEMAPHORE_GIT_TAG_NAME ]]; then make registry.sign; fi'
 
   - name: "Create Helm chart"
     task:
diff --git a/.semaphore/push-image.yml b/.semaphore/push-image.yml
diff --git a/.semaphore/release.yml b/.semaphore/release.yml
@@ -14,6 +14,6 @@ blocks:
             - checkout
             - make cosign.install
             - make configure.sign
-            - make ghcr.configure
-            - make ghcr.helm.configure
+            - make registry.configure
+            - make registry.helm.configure
             - ./release.sh
diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
@@ -3686,92 +3686,6 @@ blocks:
             - make test
             - cache store
 promotions:
-  - name: Push Image - Production
-    pipeline_file: push-image.yml
-    deployment_target: Production
-    parameters:
-      env_vars:
-        - name: SERVICE
-          required: true
-          options:
-            - "APIv1alpha"
-            - "APIv2"
-            - "ArtifactHub"
-            - "Audit"
-            - "Badge"
-            - "BranchHub"
-            - "Dashboardhub"
-            - "Encryptor"
-            - "Front"
-            - "GithubNotifier"
-            - "Gofer"
-            - "Guard"
-            - "HooksProcessor"
-            - "HooksReceiver"
-            - "Keycloak image"
-            - "Keycloak setup"
-            - "Loghub2"
-            - "Monolith"
-            - "Notifications"
-            - "PeriodicScheduler"
-            - "Plumber"
-            - "PreFlightChecks"
-            - "ProjectHub REST API"
-            - "ProjectHub"
-            - "PublicApiGateway"
-            - "RBAC CE"
-            - "RBAC EE"
-            - "Repohub"
-            - "RepositoryHub"
-            - "Scouter"
-            - "SecretHub"
-            - "Self Hosted Hub"
-            - "Statsd"
-            - "Velocity"
-            - "Zebra"
-  - name: Push Image
-    pipeline_file: push-image.yml
-    deployment_target: PreProduction
-    parameters:
-      env_vars:
-        - name: SERVICE
-          required: true
-          options:
-            - "APIv1alpha"
-            - "APIv2"
-            - "ArtifactHub"
-            - "Audit"
-            - "Badge"
-            - "BranchHub"
-            - "Dashboardhub"
-            - "Encryptor"
-            - "Front"
-            - "GithubHooks"
-            - "GithubNotifier"
-            - "Gofer"
-            - "Guard"
-            - "HooksProcessor"
-            - "HooksReceiver"
-            - "Keycloak image"
-            - "Keycloak setup"
-            - "Loghub2"
-            - "Notifications"
-            - "PeriodicScheduler"
-            - "Plumber"
-            - "PreFlightChecks"
-            - "ProjectHub REST API"
-            - "ProjectHub"
-            - "PublicApiGateway"
-            - "RBAC CE"
-            - "RBAC EE"
-            - "Repohub"
-            - "RepositoryHub"
-            - "Scouter"
-            - "SecretHub"
-            - "Self Hosted Hub"
-            - "Statsd"
-            - "Velocity"
-            - "Zebra"
   - name: Generate Helm Chart
     pipeline_file: generate-helm-chart.yml
     deployment_target: github-packages
diff --git a/Makefile b/Makefile
@@ -57,8 +57,7 @@ ifneq ($(CI),)
 	FORMAT_ARGS?=--dry-run --check-formatted
 endif
 
-DOCKERHUB_RELEASE_TAG?=$(shell git rev-list -1 HEAD -- .)
-GCR_RELEASE_TAG?=$(SEMAPHORE_WORKFLOW_ID)-sha-$(SEMAPHORE_GIT_SHA)
+RELEASE_TAG?=$(shell git rev-list -1 HEAD -- .)
 BUILDKIT_INLINE_CACHE=1
 
 #
@@ -152,10 +151,21 @@ tag:
 # If MIX_ENV is set, we're dealing with an Elixir application,
 # so we need to create the 'deps' and '_build' folders.
 #
-build: pull
+build:
 ifneq ($(MIX_ENV),)
 	mkdir -p deps _build
 endif
+ifeq ($(NO_BUILD_CACHE),true)
+	docker build -f Dockerfile \
+		--target $(DOCKER_BUILD_TARGET) \
+		--progress $(DOCKER_BUILD_PROGRESS) \
+		--build-arg BUILDKIT_INLINE_CACHE=$(BUILDKIT_INLINE_CACHE) \
+		--build-arg APP_NAME=$(APP_NAME) \
+		--build-arg BUILD_ENV=$(BUILD_ENV) \
+		-t $(IMAGE):$(IMAGE_TAG) \
+		$(DOCKER_BUILD_PATH)
+else
+	$(MAKE) pull
 	docker build -f Dockerfile \
 		--target $(DOCKER_BUILD_TARGET) \
 		--progress $(DOCKER_BUILD_PROGRESS) \
@@ -166,6 +176,7 @@ endif
 		--cache-from=$(REGISTRY_HOST)/$(MAIN_IMAGE):$(IMAGE_TAG) \
 		-t $(IMAGE):$(IMAGE_TAG) \
 		$(DOCKER_BUILD_PATH)
+endif
 
 #
 # Development operations
@@ -248,34 +259,21 @@ configure.sign:
 	pip install google-cloud-iam && \
 	$(ROOT_MAKEFILE_PATH)/get_id_token.py $$GOOGLE_PROJECT_NAME ci-image-signer > /tmp/sigstore-token
 
-gcloud.configure:
-	gcloud auth activate-service-account $(GCP_REGISTRY_WRITER_EMAIL) --key-file ~/gce-registry-writer-key.json
-	gcloud --quiet auth configure-docker
+registry.push:
+	docker tag $(IMAGE):$(IMAGE_TAG) $(REGISTRY_HOST)/$(APP_NAME):$(RELEASE_TAG)
+	docker push $(REGISTRY_HOST)/$(APP_NAME):$(RELEASE_TAG)
 
-gcloud.push:
-	docker tag $(IMAGE):$(IMAGE_TAG) us.gcr.io/$(GOOGLE_PROJECT_NAME)/$(APP_NAME):$(GCR_RELEASE_TAG)
-	docker push us.gcr.io/$(GOOGLE_PROJECT_NAME)/$(APP_NAME):$(GCR_RELEASE_TAG)
-
-gcloud.sign: cosign.install
+registry.sign: cosign.install
 	cosign sign -y \
 		--identity-token $$(cat /tmp/sigstore-token) \
-		$(shell docker inspect --format='{{index .RepoDigests 0}}' us.gcr.io/$(GOOGLE_PROJECT_NAME)/$(APP_NAME):$(GCR_RELEASE_TAG))
+		$(shell docker inspect --format='{{index .RepoDigests 0}}' $(REGISTRY_HOST)/$(APP_NAME):$(RELEASE_TAG))
 
-ghcr.configure:
+registry.configure:
 	@printf "%s" "$(GITHUB_TOKEN)" | docker login ghcr.io -u "$(GITHUB_USERNAME)" --password-stdin
 
-ghcr.helm.configure:
+registry.helm.configure:
 	@printf "%s" "$(GITHUB_TOKEN)" | helm registry login ghcr.io/semaphoreio --username "$(GITHUB_USERNAME)" --password-stdin
 
-ghcr.push:
-	docker tag $(IMAGE):$(IMAGE_TAG) ghcr.io/semaphoreio/$(APP_NAME):$(DOCKERHUB_RELEASE_TAG)
-	docker push ghcr.io/semaphoreio/$(APP_NAME):$(DOCKERHUB_RELEASE_TAG)
-
-ghcr.sign: cosign.install
-	cosign sign -y \
-		--identity-token $$(cat /tmp/sigstore-token) \
-		$(shell docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/semaphoreio/$(APP_NAME):$(DOCKERHUB_RELEASE_TAG))
-
 cosign.install:
 	curl -O -L "https://github.com/sigstore/cosign/releases/download/v2.4.1/cosign-linux-amd64" && \
 		sudo mv cosign-linux-amd64 /usr/local/bin/cosign && \
