update github action

eclipsevortex · eclipsevortex · commit f26c2dbb2fa3 · 2025-04-27T13:38:30.000+01:00
diff --git a/.github/scripts/on_release_deleted.sh b/.github/scripts/on_release_deleted.sh
@@ -4,14 +4,15 @@ set -euo pipefail
 COMPONENT="$1"
 TAG="$2"
 VERSION="${TAG#v}"
-REPO_NAME="subvortex-${COMPONENT//_/-}"
-IMAGE="subvortex/$REPO_NAME"
+REPO_NAME="$(echo "${GITHUB_REPOSITORY}" | tr '[:upper:]' '[:lower:]')"
+COMPONENT_NAME="subvortex-${COMPONENT//_/-}"
+IMAGE="ghcr.io/${GITHUB_REPOSITORY_OWNER}/$REPO_NAME/$COMPONENT_NAME"
 
-DOCKER_USERNAME="${DOCKER_USERNAME:-}"
-DOCKER_PASSWORD="${DOCKER_PASSWORD:-}"
+GHCR_USERNAME="${GHCR_USERNAME:-}"
+GHCR_TOKEN="${GHCR_TOKEN:-}"
 
-if [[ -z "$DOCKER_USERNAME" || -z "$DOCKER_PASSWORD" ]]; then
-  echo "❌ Missing Docker credentials (DOCKER_USERNAME / DOCKER_PASSWORD)"
+if [[ -z "$GHCR_USERNAME" || -z "$GHCR_TOKEN" ]]; then
+  echo "❌ Missing GHCR credentials (GHCR_USERNAME / GHCR_TOKEN)"
   exit 1
 fi
 
@@ -41,19 +42,26 @@ printf "    latest  → %s\n" "${LATEST_TAG:-<none>}"
 delete_docker_tag() {
   local tag="$1"
 
-  echo "🔐 Authenticating to Docker Hub..."
-  TOKEN=$(curl -s -X POST https://hub.docker.com/v2/users/login/ \
-    -H "Content-Type: application/json" \
-    -d "{\"username\": \"$DOCKER_USERNAME\", \"password\": \"$DOCKER_PASSWORD\"}" | jq -r .token)
+  echo "🗑️ Attempting to delete $IMAGE:$tag from GHCR..."
+
+  # Find version ID
+  VERSION_ID=$(gh api "user/packages/container/${REPO_NAME}/versions" \
+    -H "Authorization: Bearer $GHCR_TOKEN" \
+    | jq -r ".[] | select(.metadata.container.tags[]? == \"$tag\") | .id")
+
+  if [[ -z "$VERSION_ID" ]]; then
+    echo "⚠️ No version ID found for tag $tag — skipping delete."
+    return
+  fi
 
-  echo "🗑️ Attempting to delete $IMAGE:$tag from Docker Hub..."
   RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE \
-    "https://hub.docker.com/v2/repositories/$DOCKER_USERNAME/$REPO_NAME/tags/$tag/" \
-    -H "Authorization: JWT $TOKEN")
+    -H "Authorization: Bearer $GHCR_TOKEN" \
+    -H "Accept: application/vnd.github.v3+json" \
+    "https://api.github.com/user/packages/container/${REPO_NAME}/versions/${VERSION_ID}")
 
   case "$RESPONSE" in
     204) echo "✅ Deleted $IMAGE:$tag" ;;
-    404) echo "⚠️ Tag $IMAGE:$tag not found on Docker Hub" ;;
+    404) echo "⚠️ Tag $IMAGE:$tag not found on GHCR" ;;
     *)   echo "❌ Failed to delete $IMAGE:$tag (HTTP $RESPONSE)" ;;
   esac
 }
diff --git a/.github/scripts/on_release_pushed.sh b/.github/scripts/on_release_pushed.sh
@@ -7,8 +7,9 @@ IS_PRERELEASE="$3"
 IS_DRAFT="$4"
 
 VERSION="${RAW_VERSION_TAG#v}"
-REPO_NAME="subvortex-${COMPONENT//_/-}"
-IMAGE="subvortex/$REPO_NAME"
+REPO_NAME="$(echo "${GITHUB_REPOSITORY}" | tr '[:upper:]' '[:lower:]')"
+COMPONENT_NAME="subvortex-${COMPONENT//_/-}"
+IMAGE="ghcr.io/${GIIMAGE="ghcr.io/${GITHUB_REPOSITORY_OWNER}/$REPO_NAME/$COMPONENT_NAME"
 
 if [[ "$IS_DRAFT" == "true" ]]; then
   echo "⏭️ Skipping draft release"
diff --git a/.github/scripts/on_tag_deleted.sh b/.github/scripts/on_tag_deleted.sh
@@ -6,41 +6,34 @@ SERVICE="$2"
 TAG="$3"
 
 VERSION="${TAG#v}"
-REPO_NAME="subvortex-${COMPONENT//_/-}"
-IMAGE="subvortex/$REPO_NAME"
+REPO_NAME="$(echo "${GITHUB_REPOSITORY}" | tr '[:upper:]' '[:lower:]')"
+COMPONENT_NAME="subvortex-${COMPONENT//_/-}"
+IMAGE="ghcr.io/${GITHUB_REPOSITORY_OWNER}/$REPO_NAME/$COMPONENT_NAME"
 
-DOCKER_USERNAME="${DOCKER_USERNAME:-}"
-DOCKER_PASSWORD="${DOCKER_PASSWORD:-}"
+GHCR_USERNAME="${GHCR_USERNAME:-}"
+GHCR_TOKEN="${GHCR_TOKEN:-}"
 
-if [[ -z "$DOCKER_USERNAME" || -z "$DOCKER_PASSWORD" ]]; then
-  echo "❌ Missing Docker credentials (DOCKER_USERNAME / DOCKER_PASSWORD)"
-  exit 1
+if [[ -z "$GHCR_USERNAME" || -z "$GHCR_TOKEN" ]]; then
+    echo "❌ Missing Docker credentials (GHCR_USERNAME / GHCR_TOKEN)"
+    exit 1
 fi
 
-echo "🔐 Requesting Docker Hub JWT token..."
-TOKEN=$(curl -s -X POST https://hub.docker.com/v2/users/login/ \
-  -H "Content-Type: application/json" \
-  -d "{\"username\": \"$DOCKER_USERNAME\", \"password\": \"$DOCKER_PASSWORD\"}" | jq -r .token)
-
-if [[ "$TOKEN" == "null" || -z "$TOKEN" ]]; then
-  echo "❌ Failed to authenticate with Docker Hub"
-  exit 1
-fi
+echo "🔍 Deleting $IMAGE:$VERSION from GitHub Container Registry..."
 
-echo "🔍 Deleting $IMAGE:$VERSION from Docker Hub..."
 RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE \
-  -H "Authorization: JWT $TOKEN" \
-  "https://hub.docker.com/v2/repositories/$DOCKER_USERNAME/$REPO_NAME/tags/$VERSION/")
+    -H "Authorization: Bearer $GHCR_TOKEN" \
+    -H "Accept: application/vnd.github.v3+json" \
+"https://api.github.com/orgs/${GHCR_USERNAME}/packages/container/${REPO_NAME}/versions/$VERSION")
 
 case "$RESPONSE" in
-  204)
-    echo "✅ Deleted $IMAGE:$VERSION"
+    204)
+        echo "✅ Deleted $IMAGE:$VERSION"
     ;;
-  404)
-    echo "⚠️ Tag not found: $IMAGE:$VERSION"
+    404)
+        echo "⚠️ Tag not found: $IMAGE:$VERSION"
     ;;
-  *)
-    echo "❌ Failed to delete tag: HTTP $RESPONSE"
-    exit 1
+    *)
+        echo "❌ Failed to delete tag: HTTP $RESPONSE"
+        exit 1
     ;;
-esac
+esac
diff --git a/.github/scripts/on_tag_pushed.sh b/.github/scripts/on_tag_pushed.sh
@@ -5,8 +5,9 @@ COMPONENT="$1"
 WHEEL_IMAGE="$2"
 VERSION_TAG="$3"
 
-REPO_NAME="subvortex-${COMPONENT//_/-}"
-IMAGE="subvortex/$REPO_NAME"
+REPO_NAME="$(echo "${GITHUB_REPOSITORY}" | tr '[:upper:]' '[:lower:]')"
+COMPONENT_NAME="subvortex-${COMPONENT//_/-}"
+IMAGE="ghcr.io/${GITHUB_REPOSITORY_OWNER}/$REPO_NAME/$COMPONENT_NAME"
 VERSION="${VERSION_TAG#v}"
 DOCKERFILE="subvortex/$COMPONENT/Dockerfile"
 
@@ -30,7 +31,7 @@ echo "🧾 Resolved Versions:"
 echo "VERSION=$VERSION"
 echo "COMPONENT_VERSION=$COMPONENT_VERSION"
 
-echo "🚀 Building and pushing Docker image: $IMAGE:$VERSION"
+echo "🚀 Building and pushing image: $IMAGE:$VERSION"
 
 docker buildx build \
   --squash \
@@ -44,3 +45,8 @@ docker buildx build \
   --file "$DOCKERFILE" \
   --push \
   .
+# echo "🌍 Making image public: $IMAGE"
+
+# # Needs gh CLI installed and authenticated (GH_TOKEN must be available in env)
+# PACKAGE_NAME="container/${REPO_NAME}"
+# gh api --method PATCH "/user/packages/${PACKAGE_NAME}/visibility" --field visibility=public
diff --git a/.github/workflows/docker-workflow.yml b/.github/workflows/docker-workflow.yml
@@ -74,30 +74,34 @@ jobs:
       - name: 🧾 Checkout repository
         uses: actions/checkout@v3
 
-      - name: 🛠 Set up QEMU
-        uses: docker/setup-qemu-action@v2
+      - name: 🛠 Install QEMU
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static binfmt-support
+          docker run --privileged --rm tonistiigi/binfmt --install all || true
 
       - name: 🧱 Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
-      - name: 🔐 Docker Login
+      - name: 🔐 Docker Login to GitHub Container Registry (ghcr.io)
         uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          registry: ghcr.io
+          username: ${{ secrets.GHCR_USERNAME }}
+          password: ${{ secrets.GHCR_TOKEN }}
 
       - name: 🧠 Generate build tag from hash
         id: meta
         run: |
           HASH=$(sha256sum subvortex/core/Dockerfile.builder | cut -d ' ' -f1)
-          echo "tag=subvortex/subvortex-wheel-builder:3.11-$HASH" >> $GITHUB_OUTPUT
+          echo "tag=ghcr.io/${{ github.repository_owner }}/subvortex-wheel-builder:3.11-$HASH" >> $GITHUB_OUTPUT
 
       - name: 🐋 Build & push wheel-builder (only if not exists)
         if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
         id: wheelbuilder
         run: |
           TAG="${{ steps.meta.outputs.tag }}"
-          LATEST_TAG="subvortex/subvortex-wheel-builder:latest"
+          LATEST_TAG="ghcr.io/${{ github.repository_owner }}/subvortex-wheel-builder:latest"
 
           if docker pull "$TAG" >/dev/null 2>&1; then
             echo "✅ Image already exists: $TAG"
@@ -141,8 +145,8 @@ jobs:
         run: |
           .github/scripts/on_tag_deleted.sh "${{ matrix.component }}" "${{ matrix.service }}" "${{ github.event.ref }}"
         env:
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
+          GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
 
   release:
     if: github.event_name == 'release'
@@ -159,17 +163,21 @@ jobs:
       - name: 🧾 Checkout repository
         uses: actions/checkout@v3
 
-      - name: 🛠 Set up QEMU
-        uses: docker/setup-qemu-action@v2
+      - name: 🛠 Install QEMU
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static binfmt-support
+          docker run --privileged --rm tonistiigi/binfmt --install all || true
 
       - name: 🧱 Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
-      - name: 🔐 Docker Login
+      - name: 🔐 Docker Login to GitHub Container Registry (ghcr.io)
         uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          registry: ghcr.io
+          username: ${{ secrets.GHCR_USERNAME }}
+          password: ${{ secrets.GHCR_TOKEN }}
 
       - name: 🧠 Determine tag and floating tags
         id: taginfo
@@ -193,5 +201,3 @@ jobs:
             "${{ steps.taginfo.outputs.version_tag }}" \
             "${{ github.event.release.prerelease }}" \
             "${{ github.event.release.draft }}"
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
