Building and Pushing to MCR #117
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This Github Action will build and publish images to Azure Container Registry(ACR), from where the published images will be | |
# automatically pushed to the trusted registry, Microsoft Container Registry(MCR). | |
name: Building and Pushing to MCR | |
on: | |
workflow_dispatch: | |
inputs: | |
releaseTag: | |
description: 'Release tag to publish images, defaults to the latest one' | |
type: string | |
permissions: | |
id-token: write | |
contents: read | |
env: | |
# `public` indicates images to MCR wil be publicly available, and will be removed in the final MCR images | |
REGISTRY_REPO: public/aks/fleet | |
jobs: | |
prepare-variables: | |
runs-on: ubuntu-latest | |
outputs: | |
release_tag: ${{ steps.vars.outputs.release_tag }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: 'Set output variables' | |
id: vars | |
run: | | |
# set the image version | |
RELEASE_TAG=${{ inputs.releaseTag }} | |
if [ -z "$RELEASE_TAG" ]; then | |
RELEASE_TAG=`git describe --tags $(git rev-list --tags --max-count=1)` | |
echo "The user input release tag is empty, will use the latest tag $RELEASE_TAG." | |
fi | |
echo "release_tag=$RELEASE_TAG" >> $GITHUB_OUTPUT | |
# NOTE: As exporting a variable from a secret is not possible, the shared variable registry obtained | |
# from AZURE_REGISTRY secret is not exported from here. | |
publish-images: | |
runs-on: | |
labels: [self-hosted, "1ES.Pool=1es-aks-fleet-pool-ubuntu"] | |
needs: prepare-variables | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ needs.prepare-variables.outputs.release_tag }} | |
- name: 'Login the ACR' | |
run: | | |
az login --identity | |
az acr login -n ${{ secrets.AZURE_REGISTRY }} | |
- name: Build and publish hub-agent | |
run: | | |
make docker-build-hub-agent | |
env: | |
HUB_AGENT_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }} | |
REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}} | |
- name: Build and publish member-agent | |
run: | | |
make docker-build-member-agent | |
env: | |
MEMBER_AGENT_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }} | |
REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}} | |
- name: Build and publish refresh-token | |
run: | | |
make docker-build-refresh-token | |
env: | |
REFRESH_TOKEN_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }} | |
REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}} |