From 58d0560811f41aa177fe64fc53b74de5e238c40b Mon Sep 17 00:00:00 2001 From: Maxwell Weru Date: Mon, 11 Sep 2023 20:32:29 +0300 Subject: [PATCH] Remove dockerImageRegistry setting/option (#780) --- docs/server.md | 1 - extension/task/index.ts | 23 ++-------------------- extension/task/task.json | 8 -------- extension/task/utils/getSharedVariables.ts | 4 ---- server/main.bicep | 15 ++------------ server/main.json | 14 ++----------- 6 files changed, 6 insertions(+), 59 deletions(-) diff --git a/docs/server.md b/docs/server.md index 7f7b749b..0cc38e49 100644 --- a/docs/server.md +++ b/docs/server.md @@ -66,7 +66,6 @@ The deployment exposes the following parameters that can be tuned to suit the se |autoApprove|Whether to automatically approve created pull requests.|No|false| |jobHostType|Where to host new update jobs. Update jobs are run independent of the server. In the future, `ContainerApps` would be supported or the selection of type be removed. See [upcoming jobs support](https://github.com/microsoft/azure-container-apps/issues/526). Working with `ContainerInstances` is easy, because the instances run to completion and the server cleans up after it.|No|`ContainerInstances`| |notificationsPassword|The password used to authenticate incoming requests from Azure DevOps|No|<auto-generated>| -|dockerImageRegistry|The docker registry to use when pulling the docker containers if needed. By default this will GitHub Container Registry. This can be useful if the container needs to come from an internal docker registry mirror or alternative source for testing. If the registry requires authentication ensure to assign `acrPull` permissions to the managed identity.
Example: `contoso.azurecr.io`|No|`ghcr.io`| |serverImageRepository|The docker container repository to use when pulling the server docker container. This can be useful if the default container requires customizations such as custom certs.|No|`tinglesoftware/dependabot-server`| |serverImageTag|The image tag to use when pulling the docker container. A tag also defines the version. You should avoid using `latest`. Example: `1.1.0`|No|<version-downloaded>| |updaterImageTag|The image tag to use when pulling the updater docker container. A tag also defines the version. You should avoid using `latest`. Example: `1.1.0`|No|<version-downloaded>| diff --git a/extension/task/index.ts b/extension/task/index.ts index 5b828060..917c26b6 100644 --- a/extension/task/index.ts +++ b/extension/task/index.ts @@ -225,27 +225,8 @@ async function run() { dockerRunner.arg(['--mount', `type=bind,source=/ssh-agent,target=/ssh-agent`]); } - let dockerImageRegistry = variables.dockerImageRegistry; - if (variables.dockerImageRegistry) { - if (dockerImageRegistry !== 'ghcr.io') { // skip known default value - tl.warning( - ` - You supplied the dockerImageRegistry input but it is set to be removed. - \n - If you have a compelling enough reason why it should be retained, air your views - at https://github.com/tinglesoftware/dependabot-azure-devops/issues/736 - \n - Do this before Monday, 11 September, 2023 when we intend to throw errors if the input is set or ignore it altogether. - `); - } - } else { - dockerImageRegistry = 'ghcr.io'; - } - - // Form the docker image based on the ecosystem (repository) and the tag e.g. tinglesoftware/dependabot-updater-nuget - // For custom/enterprise registries, prefix with the registry, e.g. contoso.azurecr.io/tinglesoftware/dependabot-updater-nuget - let dockerImage: string = `tinglesoftware/dependabot-updater-${update.packageEcosystem}:${variables.dockerImageTag}` - dockerImage = `${dockerImageRegistry}/${dockerImage}`.replace("//", "/"); + // Form the docker image based on the ecosystem + let dockerImage = `ghcr.io/tinglesoftware/dependabot-updater-${update.packageEcosystem}:${variables.dockerImageTag}`; tl.debug(`Running docker container -> '${dockerImage}' ...`); dockerRunner.arg(dockerImage); diff --git a/extension/task/task.json b/extension/task/task.json index 19235771..a6a12184 100644 --- a/extension/task/task.json +++ b/extension/task/task.json @@ -207,14 +207,6 @@ "required": false, "helpMarkDown": "Exclude certain dependency updates requirements. See list of allowed values [here](https://github.com/dependabot/dependabot-core/issues/600#issuecomment-407808103). Useful if you have lots of dependencies and the update script too slow. The values provided are space-separated. Example: `own all` to only use the `none` version requirement." }, - { - "name": "dockerImageRegistry", - "type": "string", - "label": "Container registry override", - "groupName": "advanced", - "helpMarkDown": "The docker registry to use when pulling the docker container used by the task if needed. By default this will use GHCR. This can be useful if the container needs to come from an internal docker registry mirror or alternative source for testing. If the mirror requires authentication add a `docker login` task before this task. Example: `contoso.azurecr.io`", - "required": false - }, { "name": "dockerImageTag", "type": "string", diff --git a/extension/task/utils/getSharedVariables.ts b/extension/task/utils/getSharedVariables.ts index 42700045..5dab8d86 100644 --- a/extension/task/utils/getSharedVariables.ts +++ b/extension/task/utils/getSharedVariables.ts @@ -64,8 +64,6 @@ export interface ISharedVariables { /** Flag used to forward the host ssh socket */ forwardHostSshSocket: boolean; - /** Registry of the docker image to be pulled */ - dockerImageRegistry: string | undefined; /** Tag of the docker image to be pulled */ dockerImageTag: string; } @@ -143,7 +141,6 @@ export default function getSharedVariables(): ISharedVariables { ); // Prepare variables for the docker image to use - let dockerImageRegistry: string | undefined = tl.getInput("dockerImageRegistry"); let dockerImageTag: string = getDockerImageTag(); return { @@ -180,7 +177,6 @@ export default function getSharedVariables(): ISharedVariables { extraEnvironmentVariables, forwardHostSshSocket, - dockerImageRegistry, dockerImageTag, }; } diff --git a/server/main.bicep b/server/main.bicep index 8092bf6b..ed437c72 100644 --- a/server/main.bicep +++ b/server/main.bicep @@ -62,9 +62,6 @@ param jobsResourceGroupName string = resourceGroup().name #disable-next-line secure-secrets-in-params // need sensible defaults param notificationsPassword string = uniqueString('service-hooks', resourceGroup().id) // e.g. zecnx476et7xm (13 characters) -@description('Registry of the docker image. E.g. "contoso.azurecr.io". Leave empty unless you have a private registry mirroring the image from GHCR') -param dockerImageRegistry string = 'ghcr.io' - @description('Registry and repository of the server docker image. Ideally, you do not need to edit this value.') param serverImageRepository string = 'tinglesoftware/dependabot-server' @@ -99,8 +96,6 @@ param maxReplicas int = 1 var sqlServerAdministratorLogin = uniqueString(resourceGroup().id) // e.g. zecnx476et7xm (13 characters) var sqlServerAdministratorLoginPassword = '${skip(uniqueString(resourceGroup().id), 5)}%${uniqueString('sql-password', resourceGroup().id)}' // e.g. abcde%zecnx476et7xm (19 characters) -var hasDockerImageRegistry = (dockerImageRegistry != null && !empty(dockerImageRegistry)) -var isAcrServer = hasDockerImageRegistry && endsWith(dockerImageRegistry, environment().suffixes.acrLoginServer) var hasProvidedServiceBusNamespace = (serviceBusNamespaceId != null && !empty(serviceBusNamespaceId)) var hasProvidedStorageAccount = (storageAccountId != null && !empty(storageAccountId)) var hasProvidedLogAnalyticsWorkspace = (logAnalyticsWorkspaceId != null && !empty(logAnalyticsWorkspaceId)) @@ -293,12 +288,6 @@ resource app 'Microsoft.App/containerApps@2022-10-01' = { } ] } - registries: isAcrServer ? [ - { - identity: managedIdentity.id - server: dockerImageRegistry - } - ] : [] secrets: [ { name: 'connection-strings-application-insights', value: appInsights.properties.ConnectionString } { @@ -326,7 +315,7 @@ resource app 'Microsoft.App/containerApps@2022-10-01' = { template: { containers: [ { - image: '${'${hasDockerImageRegistry ? '${dockerImageRegistry}/' : ''}'}${serverImageRepository}:${serverImageTag}' + image: 'ghcr.io/${serverImageRepository}:${serverImageTag}' name: 'dependabot' env: [ { name: 'AZURE_CLIENT_ID', value: managedIdentity.properties.clientId } // Specifies the User-Assigned Managed Identity to use. Without this, the app attempt to use the system assigned one. @@ -357,7 +346,7 @@ resource app 'Microsoft.App/containerApps@2022-10-01' = { } { name: 'Workflow__LogAnalyticsWorkspaceKey', secretRef: 'log-analytics-workspace-key' } { name: 'Workflow__ManagedIdentityId', value: managedIdentityJobs.id } - { name: 'Workflow__UpdaterContainerImageTemplate', value: '${'${hasDockerImageRegistry ? '${dockerImageRegistry}/' : ''}'}tinglesoftware/dependabot-updater-{{ecosystem}}:${updaterImageTag}' } + { name: 'Workflow__UpdaterContainerImageTemplate', value: 'ghcr.io/tinglesoftware/dependabot-updater-{{ecosystem}}:${updaterImageTag}' } { name: 'Workflow__FailOnException', value: failOnException ? 'true' : 'false' } { name: 'Workflow__AutoComplete', value: autoComplete ? 'true' : 'false' } { name: 'Workflow__AutoCompleteIgnoreConfigs', value: join(autoCompleteIgnoreConfigs, ';') } diff --git a/server/main.json b/server/main.json index 33816cbe..acc9baef 100644 --- a/server/main.json +++ b/server/main.json @@ -126,13 +126,6 @@ "description": "Password for Webhooks, ServiceHooks, and Notifications from Azure DevOps." } }, - "dockerImageRegistry": { - "type": "string", - "defaultValue": "ghcr.io", - "metadata": { - "description": "Registry of the docker image. E.g. \"contoso.azurecr.io\". Leave empty unless you have a private registry mirroring the image from GHCR" - } - }, "serverImageRepository": { "type": "string", "defaultValue": "tinglesoftware/dependabot-server", @@ -204,8 +197,6 @@ "variables": { "sqlServerAdministratorLogin": "[uniqueString(resourceGroup().id)]", "sqlServerAdministratorLoginPassword": "[format('{0}%{1}', skip(uniqueString(resourceGroup().id), 5), uniqueString('sql-password', resourceGroup().id))]", - "hasDockerImageRegistry": "[and(not(equals(parameters('dockerImageRegistry'), null())), not(empty(parameters('dockerImageRegistry'))))]", - "isAcrServer": "[and(variables('hasDockerImageRegistry'), endsWith(parameters('dockerImageRegistry'), environment().suffixes.acrLoginServer))]", "hasProvidedServiceBusNamespace": "[and(not(equals(parameters('serviceBusNamespaceId'), null())), not(empty(parameters('serviceBusNamespaceId'))))]", "hasProvidedStorageAccount": "[and(not(equals(parameters('storageAccountId'), null())), not(empty(parameters('storageAccountId'))))]", "hasProvidedLogAnalyticsWorkspace": "[and(not(equals(parameters('logAnalyticsWorkspaceId'), null())), not(empty(parameters('logAnalyticsWorkspaceId'))))]", @@ -387,7 +378,6 @@ } ] }, - "registries": "[if(variables('isAcrServer'), createArray(createObject('identity', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), 'server', parameters('dockerImageRegistry'))), createArray())]", "secrets": [ { "name": "connection-strings-application-insights", @@ -414,7 +404,7 @@ "template": { "containers": [ { - "image": "[format('{0}{1}:{2}', format('{0}', if(variables('hasDockerImageRegistry'), format('{0}/', parameters('dockerImageRegistry')), '')), parameters('serverImageRepository'), parameters('serverImageTag'))]", + "image": "[format('ghcr.io/{0}:{1}', parameters('serverImageRepository'), parameters('serverImageTag'))]", "name": "dependabot", "env": [ { @@ -483,7 +473,7 @@ }, { "name": "Workflow__UpdaterContainerImageTemplate", - "value": "[format('{0}tinglesoftware/dependabot-updater-{{{{ecosystem}}}}:{1}', format('{0}', if(variables('hasDockerImageRegistry'), format('{0}/', parameters('dockerImageRegistry')), '')), parameters('updaterImageTag'))]" + "value": "[format('ghcr.io/tinglesoftware/dependabot-updater-{{{{ecosystem}}}}:{0}', parameters('updaterImageTag'))]" }, { "name": "Workflow__FailOnException",