Remove dockerImageRegistry setting/option

tinglesoftware · Sep 11, 2023 · 3bce871 · 3bce871
1 parent 8a59476
commit 3bce871
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 59 deletions.
diff --git a/docs/server.md b/docs/server.md
@@ -66,7 +66,6 @@ The deployment exposes the following parameters that can be tuned to suit the se
 |autoApprove|Whether to automatically approve created pull requests.|No|false|
 |jobHostType|Where to host new update jobs. Update jobs are run independent of the server. In the future, `ContainerApps` would be supported or the selection of type be removed. See [upcoming jobs support](https://github.com/microsoft/azure-container-apps/issues/526). Working with `ContainerInstances` is easy, because the instances run to completion and the server cleans up after it.|No|`ContainerInstances`|
 |notificationsPassword|The password used to authenticate incoming requests from Azure DevOps|No|&lt;auto-generated&gt;|
-|dockerImageRegistry|The docker registry to use when pulling the docker containers if needed. By default this will GitHub Container Registry. This can be useful if the container needs to come from an internal docker registry mirror or alternative source for testing. If the registry requires authentication ensure to assign `acrPull` permissions to the managed identity.<br />Example: `contoso.azurecr.io`|No|`ghcr.io`|
 |serverImageRepository|The docker container repository to use when pulling the server docker container. This can be useful if the default container requires customizations such as custom certs.|No|`tinglesoftware/dependabot-server`|
 |serverImageTag|The image tag to use when pulling the docker container. A tag also defines the version. You should avoid using `latest`. Example: `1.1.0`|No|&lt;version-downloaded&gt;|
 |updaterImageTag|The image tag to use when pulling the updater docker container. A tag also defines the version. You should avoid using `latest`. Example: `1.1.0`|No|&lt;version-downloaded&gt;|

diff --git a/extension/task/index.ts b/extension/task/index.ts
@@ -225,27 +225,8 @@ async function run() {
         dockerRunner.arg(['--mount', `type=bind,source=/ssh-agent,target=/ssh-agent`]);
       }
 
-      let dockerImageRegistry = variables.dockerImageRegistry;
-      if (variables.dockerImageRegistry) {
-        if (dockerImageRegistry !== 'ghcr.io') { // skip known default value
-          tl.warning(
-            `
-          You supplied the dockerImageRegistry input but it is set to be removed.
-          \n
-          If you have a compelling enough reason why it should be retained, air your views
-          at https://github.com/tinglesoftware/dependabot-azure-devops/issues/736
-          \n
-          Do this before Monday, 11 September, 2023 when we intend to throw errors if the input is set or ignore it altogether.
-          `);
-        }
-      } else {
-        dockerImageRegistry = 'ghcr.io';
-      }
-
-      // Form the docker image based on the ecosystem (repository) and the tag e.g. tinglesoftware/dependabot-updater-nuget
-      // For custom/enterprise registries, prefix with the registry, e.g. contoso.azurecr.io/tinglesoftware/dependabot-updater-nuget
-      let dockerImage: string = `tinglesoftware/dependabot-updater-${update.packageEcosystem}:${variables.dockerImageTag}`
-      dockerImage = `${dockerImageRegistry}/${dockerImage}`.replace("//", "/");
+      // Form the docker image based on the ecosystem
+      let dockerImage = `ghcr.io/tinglesoftware/dependabot-updater-${update.packageEcosystem}:${variables.dockerImageTag}`;
 
       tl.debug(`Running docker container -> '${dockerImage}' ...`);
       dockerRunner.arg(dockerImage);

diff --git a/extension/task/task.json b/extension/task/task.json
@@ -207,14 +207,6 @@
       "required": false,
       "helpMarkDown": "Exclude certain dependency updates requirements. See list of allowed values [here](https://github.com/dependabot/dependabot-core/issues/600#issuecomment-407808103). Useful if you have lots of dependencies and the update script too slow. The values provided are space-separated. Example: `own all` to only use the `none` version requirement."
     },
-    {
-      "name": "dockerImageRegistry",
-      "type": "string",
-      "label": "Container registry override",
-      "groupName": "advanced",
-      "helpMarkDown": "The docker registry to use when pulling the docker container used by the task if needed. By default this will use GHCR. This can be useful if the container needs to come from an internal docker registry mirror or alternative source for testing. If the mirror requires authentication add a `docker login` task before this task. Example: `contoso.azurecr.io`",
-      "required": false
-    },
     {
       "name": "dockerImageTag",
       "type": "string",

diff --git a/extension/task/utils/getSharedVariables.ts b/extension/task/utils/getSharedVariables.ts
@@ -64,8 +64,6 @@ export interface ISharedVariables {
   /** Flag used to forward the host ssh socket */
   forwardHostSshSocket: boolean;
 
-  /** Registry of the docker image to be pulled */
-  dockerImageRegistry: string | undefined;
   /** Tag of the docker image to be pulled */
   dockerImageTag: string;
 }
@@ -143,7 +141,6 @@ export default function getSharedVariables(): ISharedVariables {
   );
 
   // Prepare variables for the docker image to use
-  let dockerImageRegistry: string | undefined = tl.getInput("dockerImageRegistry");
   let dockerImageTag: string = getDockerImageTag();
 
   return {
@@ -180,7 +177,6 @@ export default function getSharedVariables(): ISharedVariables {
     extraEnvironmentVariables,
     forwardHostSshSocket,
 
-    dockerImageRegistry,
     dockerImageTag,
   };
 }
diff --git a/server/main.bicep b/server/main.bicep
@@ -62,9 +62,6 @@ param jobsResourceGroupName string = resourceGroup().name
 #disable-next-line secure-secrets-in-params // need sensible defaults
 param notificationsPassword string = uniqueString('service-hooks', resourceGroup().id) // e.g. zecnx476et7xm (13 characters)
 
-@description('Registry of the docker image. E.g. "contoso.azurecr.io". Leave empty unless you have a private registry mirroring the image from GHCR')
-param dockerImageRegistry string = 'ghcr.io'
-
 @description('Registry and repository of the server docker image. Ideally, you do not need to edit this value.')
 param serverImageRepository string = 'tinglesoftware/dependabot-server'
 
@@ -99,8 +96,6 @@ param maxReplicas int = 1
 
 var sqlServerAdministratorLogin = uniqueString(resourceGroup().id) // e.g. zecnx476et7xm (13 characters)
 var sqlServerAdministratorLoginPassword = '${skip(uniqueString(resourceGroup().id), 5)}%${uniqueString('sql-password', resourceGroup().id)}' // e.g. abcde%zecnx476et7xm (19 characters)
-var hasDockerImageRegistry = (dockerImageRegistry != null && !empty(dockerImageRegistry))
-var isAcrServer = hasDockerImageRegistry && endsWith(dockerImageRegistry, environment().suffixes.acrLoginServer)
 var hasProvidedServiceBusNamespace = (serviceBusNamespaceId != null && !empty(serviceBusNamespaceId))
 var hasProvidedStorageAccount = (storageAccountId != null && !empty(storageAccountId))
 var hasProvidedLogAnalyticsWorkspace = (logAnalyticsWorkspaceId != null && !empty(logAnalyticsWorkspaceId))
@@ -293,12 +288,6 @@ resource app 'Microsoft.App/containerApps@2022-10-01' = {
           }
         ]
       }
-      registries: isAcrServer ? [
-        {
-          identity: managedIdentity.id
-          server: dockerImageRegistry
-        }
-      ] : []
       secrets: [
         { name: 'connection-strings-application-insights', value: appInsights.properties.ConnectionString }
         {
@@ -326,7 +315,7 @@ resource app 'Microsoft.App/containerApps@2022-10-01' = {
     template: {
       containers: [
         {
-          image: '${'${hasDockerImageRegistry ? '${dockerImageRegistry}/' : ''}'}${serverImageRepository}:${serverImageTag}'
+          image: 'ghcr.io/${serverImageRepository}:${serverImageTag}'
           name: 'dependabot'
           env: [
             { name: 'AZURE_CLIENT_ID', value: managedIdentity.properties.clientId } // Specifies the User-Assigned Managed Identity to use. Without this, the app attempt to use the system assigned one.
@@ -357,7 +346,7 @@ resource app 'Microsoft.App/containerApps@2022-10-01' = {
             }
             { name: 'Workflow__LogAnalyticsWorkspaceKey', secretRef: 'log-analytics-workspace-key' }
             { name: 'Workflow__ManagedIdentityId', value: managedIdentityJobs.id }
-            { name: 'Workflow__UpdaterContainerImageTemplate', value: '${'${hasDockerImageRegistry ? '${dockerImageRegistry}/' : ''}'}tinglesoftware/dependabot-updater-{{ecosystem}}:${updaterImageTag}' }
+            { name: 'Workflow__UpdaterContainerImageTemplate', value: 'ghcr.io/tinglesoftware/dependabot-updater-{{ecosystem}}:${updaterImageTag}' }
             { name: 'Workflow__FailOnException', value: failOnException ? 'true' : 'false' }
             { name: 'Workflow__AutoComplete', value: autoComplete ? 'true' : 'false' }
             { name: 'Workflow__AutoCompleteIgnoreConfigs', value: join(autoCompleteIgnoreConfigs, ';') }

diff --git a/server/main.json b/server/main.json
@@ -126,13 +126,6 @@
         "description": "Password for Webhooks, ServiceHooks, and Notifications from Azure DevOps."
       }
     },
-    "dockerImageRegistry": {
-      "type": "string",
-      "defaultValue": "ghcr.io",
-      "metadata": {
-        "description": "Registry of the docker image. E.g. \"contoso.azurecr.io\". Leave empty unless you have a private registry mirroring the image from GHCR"
-      }
-    },
     "serverImageRepository": {
       "type": "string",
       "defaultValue": "tinglesoftware/dependabot-server",
@@ -204,8 +197,6 @@
   "variables": {
     "sqlServerAdministratorLogin": "[uniqueString(resourceGroup().id)]",
     "sqlServerAdministratorLoginPassword": "[format('{0}%{1}', skip(uniqueString(resourceGroup().id), 5), uniqueString('sql-password', resourceGroup().id))]",
-    "hasDockerImageRegistry": "[and(not(equals(parameters('dockerImageRegistry'), null())), not(empty(parameters('dockerImageRegistry'))))]",
-    "isAcrServer": "[and(variables('hasDockerImageRegistry'), endsWith(parameters('dockerImageRegistry'), environment().suffixes.acrLoginServer))]",
     "hasProvidedServiceBusNamespace": "[and(not(equals(parameters('serviceBusNamespaceId'), null())), not(empty(parameters('serviceBusNamespaceId'))))]",
     "hasProvidedStorageAccount": "[and(not(equals(parameters('storageAccountId'), null())), not(empty(parameters('storageAccountId'))))]",
     "hasProvidedLogAnalyticsWorkspace": "[and(not(equals(parameters('logAnalyticsWorkspaceId'), null())), not(empty(parameters('logAnalyticsWorkspaceId'))))]",
@@ -387,7 +378,6 @@
               }
             ]
           },
-          "registries": "[if(variables('isAcrServer'), createArray(createObject('identity', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), 'server', parameters('dockerImageRegistry'))), createArray())]",
           "secrets": [
             {
               "name": "connection-strings-application-insights",
@@ -414,7 +404,7 @@
         "template": {
           "containers": [
             {
-              "image": "[format('{0}{1}:{2}', format('{0}', if(variables('hasDockerImageRegistry'), format('{0}/', parameters('dockerImageRegistry')), '')), parameters('serverImageRepository'), parameters('serverImageTag'))]",
+              "image": "[format('ghcr.io/{0}:{1}', parameters('serverImageRepository'), parameters('serverImageTag'))]",
               "name": "dependabot",
               "env": [
                 {
@@ -483,7 +473,7 @@
                 },
                 {
                   "name": "Workflow__UpdaterContainerImageTemplate",
-                  "value": "[format('{0}tinglesoftware/dependabot-updater-{{{{ecosystem}}}}:{1}', format('{0}', if(variables('hasDockerImageRegistry'), format('{0}/', parameters('dockerImageRegistry')), '')), parameters('updaterImageTag'))]"
+                  "value": "[format('ghcr.io/tinglesoftware/dependabot-updater-{{{{ecosystem}}}}:{0}', parameters('updaterImageTag'))]"
                 },
                 {
                   "name": "Workflow__FailOnException",