Skip to content

remove scoping from the check (#17) #295

remove scoping from the check (#17)

remove scoping from the check (#17) #295

Workflow file for this run

name: Containerize
on:
push:
workflow_dispatch:
env:
GITHUB_USERNAME: baronfel
GITHUB_TOKEN: ${{ secrets.CONTAINER_PUSH_PAT }}
jobs:
azure-admin-credentials:
name: "Azure Container Registry - admin credentials"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: Log in to container registry
uses: azure/docker-login@v1
with:
login-server: sdkcontainerdemo.azurecr.io
username: sdkcontainerdemo
password: ${{ secrets.ACR_PAT }}
- uses: ./.github/actions/publishAndLog
with:
profile: azure
variant: admin-credential
azure-ad-credentials:
name: Azure Container Registry - AD OIDC credentials
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
environment: production
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: login to Azure using AD credentials
uses: Azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: get ACR access token
uses: azure/CLI@v1
with:
# login to the ACR using the login we just did above.
# this will perform a 'docker login' with the identity-token-based credential from that Azure identity
inlineScript: |
echo "DOCKER_TOKEN=$(az acr login --name sdkcontainerdemo --expose-token --output tsv --query accessToken)" >> $GITHUB_ENV
- name: Log in to container registry
uses: azure/docker-login@v1
with:
login-server: sdkcontainerdemo.azurecr.io
username: "00000000-0000-0000-0000-000000000000"
password: ${{ env.DOCKER_TOKEN }}
- uses: ./.github/actions/publishAndLog
with:
profile: azure
variant: ad-credential
azure-managed-identity:
name: Azure Container Registry - Managed Identity
runs-on: ubuntu-latest
environment: production
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: login to azure with managed identity
uses: Azure/login@v1
with:
creds: '{"clientId":"${{ secrets.AZURE_MANAGED_IDENTITY_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_MANAGED_IDENTITY_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
- name: get ACR access token
uses: azure/CLI@v1
with:
# login to the ACR using the login we just did above.
# this will perform a 'docker login' with the identity-token-based credential from that Azure identity
inlineScript: |
echo "DOCKER_TOKEN=$(az acr login --name sdkcontainerdemo --expose-token --output tsv --query accessToken)" >> $GITHUB_ENV
- name: Log in to container registry
uses: azure/docker-login@v1
with:
login-server: sdkcontainerdemo.azurecr.io
username: "00000000-0000-0000-0000-000000000000"
password: ${{ env.DOCKER_TOKEN }}
- uses: ./.github/actions/publishAndLog
with:
profile: azure
variant: azure-managed-identity
github:
name: GitHub Package Registry
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: Log in to container registry
uses: azure/docker-login@v1
with:
login-server: ghcr.io
username: baronfel
password: ${{ secrets.GITHUB_TOKEN }}
- uses: ./.github/actions/publishAndLog
with:
profile: github
github-raw:
name: GitHub Package Registry - Raw CLI calls
runs-on: ubuntu-latest
env:
SDK_CONTAINER_REGISTRY_CHUNKED_UPLOAD: true
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: Log in to container registry via docker CLI
run: echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u baronfel --password-stdin
- uses: ./.github/actions/publishAndLog
with:
profile: github
variant: docker-cli
aws-private:
name: AWS ECR (Private)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
with:
mask-password: true
- uses: ./.github/actions/publishAndLog
with:
profile: aws-private
aws-private-credhelper:
name: AWS ECR (Private) with Docker Credential Helper
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: install ECR Credential Provider
run: |
go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@latest
echo "$(go env GOPATH)" >> $GITHUB_PATH
- name: setup ECR Credential Provider
run: |
echo "DOCKER_CONFIG=$PWD/ecr-example" >> "$GITHUB_ENV"
- uses: ./.github/actions/publishAndLog
with:
profile: aws-private
aws-public:
name: AWS ECR (Public)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
with:
registry-type: public
mask-password: true
- uses: ./.github/actions/publishAndLog
with:
profile: aws-public
chunked: false
gitlab:
name: GitLab Container Registry
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: Log in to container registry
uses: azure/docker-login@v1
with:
login-server: registry.gitlab.com
username: chet.husk
password: ${{ secrets.GITLAB_CONTAINER_PAT }}
- uses: ./.github/actions/publishAndLog
with:
profile: gitlab
gcp:
name: Google Cloud Artifact Registry
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
# Setup gcloud CLI
- uses: google-github-actions/auth@v1
with:
credentials_json: ${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT_KEY }}
# Configure docker to use the gcloud command-line tool as a credential helper
- run: gcloud auth configure-docker us-south1-docker.pkg.dev
- uses: ./.github/actions/publishAndLog
with:
profile: gcp
chunked: false # GCP doesn't support chunking at all, so don't test that method
localdocker:
name: Local Docker Daemon
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- uses: ./.github/actions/publishAndLog
with:
profile: localdocker
- name: List images
run: docker image list --all
- name: List images (podman)
run: podman image list --all
localdocker-trimmedandchiseled:
name: Local Docker Daemon, Chiseled Ubuntu container
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- uses: ./.github/actions/publishAndLog
with:
profile: localdocker
variant: trimmedandchiseled
selfContained: "true"
- name: List images
run: docker image list --all
- name: List images (podman)
run: podman image list --all
localpodman:
name: Local Podman installation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- uses: ./.github/actions/publishAndLog
with:
profile: localpodman
- name: List images (podman)
run: podman image list --all
- name: List images (docker)
run: docker image list --all
dockerhub:
name: Push to Docker hub
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: Log in to container registry
uses: azure/docker-login@v1
with:
login-server: registry-1.docker.io
username: chusk3
password: ${{ secrets.DOCKERHUB_PAT }}
- uses: ./.github/actions/publishAndLog
with:
profile: dockerhub
quay:
name: Push to Quay.io
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: Log in to container registry
uses: azure/docker-login@v1
with:
login-server: quay.io
username: baronfel
password: ${{ secrets.QUAY_PAT }}
- uses: ./.github/actions/publishAndLog
with:
profile: quay
harbor:
name: Push to Harbor
runs-on: ubuntu-latest
# harbor is disabled because we don't have a persistent account/location to push to
if: false
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v2
- name: Log in to container registry
uses: azure/docker-login@v1
with:
login-server: demo.goharbor.io
username: "robot$net-sdk-container-demo+push-daemon"
password: ${{ secrets.HARBOR_PASSWORD }}
- uses: ./.github/actions/publishAndLog
with:
profile: harbor
dockerfile:
name: Build Dockerfile as a comparison
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: publish self-contained
uses: docker/build-push-action@v4
with:
context: ./src/sdk-container-demo
tags: chusk3/net-sdk-container-demo:dockerfile
file: ./src/sdk-container-demo/Dockerfile-sc
- name: publish framework-dependent
uses: docker/build-push-action@v4
with:
context: ./src/sdk-container-demo
tags: chusk3/net-sdk-container-demo:dockerfile
file: ./src/sdk-container-demo/Dockerfile-fdd
local-archive:
name: Publish an image to a local archive and read it in
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v3
- name: Publish container to an archive
working-directory: ./src/sdk-container-demo
run: |
mkdir images \
&& dotnet publish -t:PublishContainer -p ContainerArchiveOutputPath=images /bl -r linux-x64 /check
- name: List tarballs
run: ls -l ./src/sdk-container-demo/images
- name: Load image into Docker
run: docker load -i ./src/sdk-container-demo/images/*
- name: Show loaded image
run: docker image list sdk-container-demo