From 97ea25ea0e4865bb08ae5890ea428ae4ba192298 Mon Sep 17 00:00:00 2001 From: "Masih H. Derkani" Date: Wed, 25 Dec 2024 16:41:55 +0000 Subject: [PATCH] Remove AWS ECR and their CI publication workflow We no longer deploy images published to AWS ECR. Remove the repositories and the associated CI workflows. All their existing users should use GitHub Container Registry instead. --- .github/workflows/ecr-publisher-release.yml | 48 ------------------- .github/workflows/ecr-publisher.yml | 52 --------------------- deploy/infrastructure/common/ecr.tf | 14 +----- deploy/infrastructure/common/ecr_public.tf | 28 ----------- 4 files changed, 1 insertion(+), 141 deletions(-) delete mode 100644 .github/workflows/ecr-publisher-release.yml delete mode 100644 .github/workflows/ecr-publisher.yml delete mode 100755 deploy/infrastructure/common/ecr_public.tf diff --git a/.github/workflows/ecr-publisher-release.yml b/.github/workflows/ecr-publisher-release.yml deleted file mode 100644 index 2392eded4..000000000 --- a/.github/workflows/ecr-publisher-release.yml +++ /dev/null @@ -1,48 +0,0 @@ -# Publishes storetheindex container images to the private AWS ECR. -# The published images use whatever version is in the `version.json` as tag. -# This is to work around unified CI creating releases too which will not trigger -# other workflows as the release creator is a bot. -name: ECR - -on: - workflow_dispatch: { } - push: - paths: - - 'version.json' - branches: - - main - -jobs: - publisher: - if: ${{ github.event.pusher.name != 'sti-bot' }} - name: Publish Release - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - env: - ECR_REGISTRY: 407967248065.dkr.ecr.us-east-2.amazonaws.com/storetheindex - steps: - - name: Checkout - uses: actions/checkout@v2 - - id: version - name: Determine Container Tag - run: | - VERSION="$(jq -r .version version.json)" - IMAGE_TAG="${VERSION#v}" - echo "Using image tag: ${IMAGE_TAG}" - echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV - - name: AWS Login - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-region: us-east-2 - role-to-assume: "arn:aws:iam::407967248065:role/common/github_actions" - role-duration-seconds: 1200 - - name: Login to Amazon ECR - run: aws ecr get-login-password | docker login --username AWS --password-stdin ${ECR_REGISTRY} - - name: Publish Container Image - run: | - IMAGE_NAME="${ECR_REGISTRY}/storetheindex:${IMAGE_TAG}" - docker build -t "${IMAGE_NAME}" . - docker push "${IMAGE_NAME}" - echo "Published image ${IMAGE_NAME}" diff --git a/.github/workflows/ecr-publisher.yml b/.github/workflows/ecr-publisher.yml deleted file mode 100644 index fcf4bb316..000000000 --- a/.github/workflows/ecr-publisher.yml +++ /dev/null @@ -1,52 +0,0 @@ -# Publishes storetheindex container images to the private AWS ECR. -# The images published to ECR are used in Kubernetes clusters to server cid.contact. -name: ECR - -on: - # The tags in this repo are pushed via CI, the push events for which will not trigger workflows. - # However, releases are created by contributors, hence the use of release event to build images. - release: - types: - - published - push: - paths-ignore: - - 'deploy/**' - - 'doc/**' - branches: - - main - -jobs: - publisher: - if: ${{ github.event.pusher.name != 'sti-bot' }} - name: Publish - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - env: - ECR_REGISTRY: 407967248065.dkr.ecr.us-east-2.amazonaws.com/storetheindex - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Determine Container Tag - run: | - IMAGE_TAG="${GITHUB_REF#refs/tags/v}" - if test "${IMAGE_TAG}" = "${GITHUB_REF}"; then - IMAGE_TAG="$(date '+%Y%m%d%H%M%S')-${GITHUB_SHA}" - fi - echo "Using image tag: ${IMAGE_TAG}" - echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV - - name: AWS Login - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-region: us-east-2 - role-to-assume: "arn:aws:iam::407967248065:role/common/github_actions" - role-duration-seconds: 1200 - - name: Login to Amazon ECR - run: aws ecr get-login-password | docker login --username AWS --password-stdin ${ECR_REGISTRY} - - name: Publish Container Image - run: | - IMAGE_NAME="${ECR_REGISTRY}/storetheindex:${IMAGE_TAG}" - docker build -t "${IMAGE_NAME}" . - docker push "${IMAGE_NAME}" - echo "Published image ${IMAGE_NAME}" diff --git a/deploy/infrastructure/common/ecr.tf b/deploy/infrastructure/common/ecr.tf index 1bb790878..a487d1152 100644 --- a/deploy/infrastructure/common/ecr.tf +++ b/deploy/infrastructure/common/ecr.tf @@ -1,18 +1,6 @@ module "ecr_ue2" { source = "../modules/ecr" - repositories = [ - "storetheindex/storetheindex", - "index-observer/index-observer", - "index-provider/index-provider", - "indexstar/indexstar", - "ipni/heyfil", - "ipni/dhstore", - "ipni/caskadht", - "ipni/dhfind", - "ipni/lookout", - "ipni/cassette", - "ipni/telemetry", - ] + repositories = [] tags = local.tags } diff --git a/deploy/infrastructure/common/ecr_public.tf b/deploy/infrastructure/common/ecr_public.tf deleted file mode 100755 index 1796b6df7..000000000 --- a/deploy/infrastructure/common/ecr_public.tf +++ /dev/null @@ -1,28 +0,0 @@ -locals { - # ECR public repositories will be added to the `storetheindex` ECR registry under: - # - public.ecr.aws/storetheindex/ - ecr_public_repositories = { - index-provider : { - about_text = "Index Provider to Network Indexer Protocol" - architectures = ["amd64"] - description = "https://github.com/filecoin-project/index-provider" - operating_systems = ["Linux"] - } - } -} - -resource "aws_ecrpublic_repository" "this" { - # ECR public repositories are only available in us-east-1. - provider = aws.use1 - for_each = local.ecr_public_repositories - repository_name = each.key - - catalog_data { - about_text = lookup(each.value, "about_text", "") - architectures = lookup(each.value, "architectures", []) - description = lookup(each.value, "description", "") - operating_systems = lookup(each.value, "operating_systems", []) - usage_text = lookup(each.value, "usage_text", "") - logo_image_blob = lookup(each.value, "logo_image_blob", "") - } -}