kbst · pst · Dec 9, 2024 · Dec 9, 2024 · Dec 9, 2024 · Dec 9, 2024
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -12,29 +12,36 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: 'Checkout'
-      uses: actions/checkout@v3
+    - name: "Checkout"
+      uses: actions/checkout@v4
 
-    - name: 'Setup buildx'
-      uses: docker/setup-buildx-action@v2
+    - name: "Setup buildx"
+      uses: docker/setup-buildx-action@v3
       with:
         install: true
 
-    - name: 'Docker login'
-      uses: docker/login-action@v2
+    - name: "Docker login docker.io"
+      uses: docker/login-action@v3
       with:
         username: kbstci
         password: ${{ secrets.DOCKER_AUTH }}
 
-    - name: 'Build artifacts'
+    - name: "Docker login ghcr.io"
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: "Build artifacts"
       env:
         DOCKER_PUSH: true
         GIT_SHA: ${{ github.sha }}
         GIT_REF: ${{ github.ref }}
       run: make dist
 
-    - name: 'Upload artifacts'
-      uses: actions/upload-artifact@v3
+    - name: "Upload artifacts"
+      uses: actions/upload-artifact@v4
       with:
         name: test-artifacts
         path: ./quickstart/_dist
@@ -44,95 +51,109 @@ jobs:
     needs: [build-test-artifacts]
     strategy:
       matrix:
-        starter: ["multi-cloud", "aks", "eks", "gke" ,"kind"]
+        starter: ["multi-cloud", "aks", "eks", "gke", "kind"]
 
     permissions:
       id-token: write # needed for keyless signing
 
     steps:
-    - name: 'Free disk space'
+    - name: "Free disk space"
       # https://github.com/actions/runner-images/issues/2840#issuecomment-790492173
       run: |
         sudo rm -rf /usr/share/dotnet
         sudo rm -rf /opt/ghc
         sudo rm -rf /usr/local/share/boost
         sudo rm -rf $AGENT_TOOLSDIRECTORY
 
-    - name: 'Checkout'
-      uses: actions/checkout@v3
+    - name: "Checkout"
+      uses: actions/checkout@v4
 
-    - name: 'Download test-artifacts'
-      uses: actions/download-artifact@v3
+    - name: "Download test-artifacts"
+      uses: actions/download-artifact@v4
       with:
         name: test-artifacts
         path: ./quickstart/_dist
 
     - name: Install Cosign
-      uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.3.0
+      uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.7.0
 
-    - name: 'Setup buildx'
-      uses: docker/setup-buildx-action@v2
+    - name: "Setup buildx"
+      uses: docker/setup-buildx-action@v3
       with:
         install: true
 
-    - name: 'Docker login'
-      uses: docker/login-action@v2
+    - name: "Docker login docker.io"
+      uses: docker/login-action@v3
       with:
         username: kbstci
         password: ${{ secrets.DOCKER_AUTH }}
 
+    - name: "Docker login ghcr.io"
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
     - name: Build ${{ matrix.starter }} image
       env:
         DOCKER_PUSH: true
         DOCKER_TARGET: ${{ matrix.starter }}
       run: make build
 
-    - name: 'Sign Images'
+    - name: "Sign Images"
       env:
         COSIGN_EXPERIMENTAL: true
       run: |
-        cosign sign --yes -a GIT_HASH=${{ github.sha }} -a GIT_REF=${{ github.ref }} kubestack/framework-dev:test-${{ github.sha }}-${{ matrix.starter }}
+        cosign sign --yes -a GIT_HASH=${{ github.sha }} -a GIT_REF=${{ github.ref }} ghcr.io/kbst/terraform-kubestack/dev:test-${{ github.sha }}-${{ matrix.starter }}
 
   test:
     runs-on: ubuntu-latest
     needs: [build-test-artifacts, build-image]
     strategy:
       fail-fast: false
       matrix:
-        starter: ["multi-cloud", "aks", "eks", "gke" ,"kind"]
+        starter: ["multi-cloud", "aks", "eks", "gke", "kind"]
 
     steps:
-    - name: 'Download test-artifacts'
-      uses: actions/download-artifact@v3
+    - name: "Download test-artifacts"
+      uses: actions/download-artifact@v4
       with:
         name: test-artifacts
         path: ./quickstart/_dist
 
-    - name: 'Unzip ${{ matrix.starter }} quickstart'
+    - name: "Unzip ${{ matrix.starter }} quickstart"
       run: |
         unzip quickstart/_dist/kubestack-starter-${{ matrix.starter }}-*.zip
 
-    - name: 'Docker login'
-      uses: docker/login-action@v2
+    - name: "Docker login docker.io"
+      uses: docker/login-action@v3
       with:
         username: kbstci
         password: ${{ secrets.DOCKER_AUTH }}
 
-    - name: 'Docker build'
+    - name: "Docker login ghcr.io"
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: "Docker build"
       env:
         DOCKER_BUILDKIT: 1
       working-directory: ./kubestack-starter-${{ matrix.starter }}
       # retagging here is necessary because we only push images
       # to kubestack/framework after they have been tested
       # but the Dockerfiles in the artifact have the target image name
       run: |
-        SOURCE_IMAGE=kubestack/framework-dev:test-${{ github.sha }}-${{ matrix.starter }}
+        SOURCE_IMAGE=ghcr.io/kbst/terraform-kubestack/dev:test-${{ github.sha }}-${{ matrix.starter }}
         docker pull $SOURCE_IMAGE
         TARGET_IMAGE=$(cat Dockerfile | sed 's/FROM //')
         docker tag $SOURCE_IMAGE $TARGET_IMAGE
         docker build -t test-image:${{ github.sha }} .
 
-    - name: 'Configure Kubestack for ${{ matrix.starter }}'
+    - name: "Configure Kubestack for ${{ matrix.starter }}"
       working-directory: ./kubestack-starter-${{ matrix.starter }}
       run: |
         # ALL: set name_prefix
@@ -159,31 +180,31 @@ jobs:
         # GKE: set cluster_node_locations
         sed -i 's/cluster_node_locations = ""/cluster_node_locations = "europe-west1-b,europe-west1-c,europe-west1-d"/g' gke_zero_cluster.tf || true
 
-    - name: 'Terraform init'
+    - name: "Terraform init"
       working-directory: ./kubestack-starter-${{ matrix.starter }}
       run: |
         docker run --rm \
           -v `pwd`:/infra \
           test-image:${{ github.sha }} \
           terraform init
 
-    - name: 'Terraform workspace new ops'
+    - name: "Terraform workspace new ops"
       working-directory: ./kubestack-starter-${{ matrix.starter }}
       run: |
         docker run --rm \
           -v `pwd`:/infra \
           test-image:${{ github.sha }} \
           terraform workspace new ops
 
-    - name: 'Terraform validate'
+    - name: "Terraform validate"
       working-directory: ./kubestack-starter-${{ matrix.starter }}
       run: |
         docker run --rm \
           -v `pwd`:/infra \
           test-image:${{ github.sha }} \
           terraform validate
 
-    - name: 'Terraform plan'
+    - name: "Terraform plan"
       working-directory: ./kubestack-starter-${{ matrix.starter }}
       env:
         KBST_AUTH_AWS: ${{ secrets.KBST_AUTH_AWS }}
@@ -203,34 +224,40 @@ jobs:
     runs-on: ubuntu-latest
     needs: [test]
 
-
     strategy:
       matrix:
-        starter: ["multi-cloud", "aks", "eks", "gke" ,"kind"]
+        starter: ["multi-cloud", "aks", "eks", "gke", "kind"]
 
     steps:
-    - name: 'Download test-artifacts'
-      uses: actions/download-artifact@v3
+    - name: "Download test-artifacts"
+      uses: actions/download-artifact@v4
       with:
         name: test-artifacts
         path: ./quickstart/_dist
 
     - name: Install Cosign
-      uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.3.0
+      uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.7.0
 
-    - name: 'Docker login'
-      uses: docker/login-action@v2
+    - name: "Docker login docker.io"
+      uses: docker/login-action@v3
       with:
         username: kbstci
         password: ${{ secrets.DOCKER_AUTH }}
 
-    - name: 'Docker push'
+    - name: "Docker login ghcr.io"
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: "Docker push"
       # cosign copy copies the images and the signature from one place to another
       # then we dont need to sign again the same image
       env:
         COSIGN_EXPERIMENTAL: true
       run: |
-        SOURCE_IMAGE=kubestack/framework-dev:test-${{ github.sha }}-${{ matrix.starter }}
+        SOURCE_IMAGE=ghcr.io/kbst/terraform-kubestack/dev:test-${{ github.sha }}-${{ matrix.starter }}
         TARGET_IMAGE=$(cat quickstart/_dist/kubestack-starter-${{ matrix.starter }}/Dockerfile | sed 's/FROM //')
         echo "Source image $SOURCE_IMAGE will be pushed to $TARGET_IMAGE"
         cosign copy $SOURCE_IMAGE $TARGET_IMAGE
@@ -246,27 +273,27 @@ jobs:
 
     strategy:
       matrix:
-        starter: ["multi-cloud", "aks", "eks", "gke" ,"kind"]
+        starter: ["multi-cloud", "aks", "eks", "gke", "kind"]
 
     steps:
-    - name: 'Download test-artifacts'
-      uses: actions/download-artifact@v3
+    - name: "Download test-artifacts"
+      uses: actions/download-artifact@v4
       with:
         name: test-artifacts
         path: ./quickstart/_dist
 
     - name: Install Cosign
-      uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.3.0
+      uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.7.0
 
-    - id: 'auth'
-      uses: 'google-github-actions/auth@v1'
+    - id: "auth"
+      uses: google-github-actions/auth@v2
       with:
         credentials_json: ${{ secrets.GCLOUD_AUTH }}
 
-    - name: 'Setup gcloud'
-      uses: google-github-actions/setup-gcloud@v1
+    - name: "Setup gcloud"
+      uses: google-github-actions/setup-gcloud@v2
 
-    - name: 'Publish ${{ matrix.starter }} starter'
+    - name: "Publish ${{ matrix.starter }} starter"
       env:
         COSIGN_EXPERIMENTAL: true
       run: |

diff --git a/Makefile b/Makefile
@@ -8,9 +8,9 @@ DOCKER_TARGET ?= multi-cloud
 
 ifeq ("${DOCKER_PUSH}", "true")
 BUILD_PLATFORM := --platform linux/arm64,linux/amd64
-BUILD_CACHE_DIST := --cache-to type=registry,mode=max,ref=kubestack/framework-dev:buildcache-dist-helper,push=${DOCKER_PUSH}
+BUILD_CACHE_DIST := --cache-to type=registry,mode=max,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-dist-helper,push=${DOCKER_PUSH}
 BUILD_OUTPUT := --output type=registry,push=${DOCKER_PUSH}
-BUILD_CACHE := --cache-to type=registry,mode=max,ref=kubestack/framework-dev:buildcache-${DOCKER_TARGET},push=${DOCKER_PUSH}
+BUILD_CACHE := --cache-to type=registry,mode=max,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-${DOCKER_TARGET},push=${DOCKER_PUSH}
 else
 BUILD_PLATFORM := 
 BUILD_OUTPUT := --output type=docker
@@ -24,7 +24,7 @@ dist:
 		--build-arg GIT_SHA=${GIT_SHA} \
 		--file oci/Dockerfile \
 		--output type=docker \
-		--cache-from type=registry,ref=kubestack/framework-dev:buildcache-dist-helper \
+		--cache-from type=registry,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-dist-helper \
 		${BUILD_CACHE_DIST} \
 		--progress plain \
 		-t dist-helper:latest \
@@ -47,11 +47,11 @@ build:
 		--build-arg GIT_SHA=${GIT_SHA} \
 		--file oci/Dockerfile \
 		${BUILD_OUTPUT} \
-		--cache-from type=registry,ref=kubestack/framework-dev:buildcache-${DOCKER_TARGET} \
+		--cache-from type=registry,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-${DOCKER_TARGET} \
 		${BUILD_CACHE} \
 		--progress plain \
 		--target ${DOCKER_TARGET} \
-		-t kubestack/framework-dev:test-$(GIT_SHA)-${DOCKER_TARGET} \
+		-t ghcr.io/kbst/terraform-kubestack/dev:test-$(GIT_SHA)-${DOCKER_TARGET} \
 		.
 
 validate: .init
@@ -97,7 +97,7 @@ shell: .check-container
 		-e KBST_AUTH_GCLOUD \
 		-e HOME=/infra/tests/.user \
 		--workdir /infra/tests \
-		kubestack/framework-dev:test-$(GIT_SHA)-${DOCKER_TARGET} \
+		ghcr.io/kbst/terraform-kubestack/dev:test-$(GIT_SHA)-${DOCKER_TARGET} \
 		sleep infinity
 
 .stop-container: