DRAFT: Simplify builds

.github/workflows/radix-operator-pr.yml

@@ -3,24 +3,114 @@ on:
   pull_request:
     branches:
     - master
+
+permissions:
+  id-token: write
+
 jobs:
   build-operator:
     name: Build-operator
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - name: Build operator image
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - uses: azure/login@v1
+      with:
+        client-id: 6e96429a-3ad5-40ee-b961-6de864d878fc
+        tenant-id: 3aa4a235-b6e2-48d5-9195-7fcf05b459b0
+        subscription-id: 16ede44b-1f74-40a5-b428-46cca9a5741b
+
+    - name: Get GitHub Public IP
+      id: github_public_ip
+      run: echo "ipv4=$(curl 'https://ifconfig.me/ip')" >> $GITHUB_OUTPUT
+
+    - name: Add GitHub IP to ACR
+      id: update_firewall
+      run: az acr network-rule add --name radixdev --ip-address  ${{ steps.github_public_ip.outputs.ipv4 }} --query provisioningState && sleep 10
+
+    - uses: azure/login@v1
+      with:
+        client-id: 6e96429a-3ad5-40ee-b961-6de864d878fc
+        tenant-id: 3aa4a235-b6e2-48d5-9195-7fcf05b459b0
+        subscription-id: 16ede44b-1f74-40a5-b428-46cca9a5741b
+
+    - name: ACR Login
+      run: 'az acr login --name radixdev --subscription 16ede44b-1f74-40a5-b428-46cca9a5741b'
+
+    - name: Create tag
+      id: tag
       env:
-        REF: ${{ github. sha }}
-        DOCKER_BUILDKIT: 1
-      run: docker build -t radix-operator:${REF##*/} -f operator.Dockerfile .
+        GITHUB_SHA: ${{github.sha}}
+      run: |
+        sha=${GITHUB_SHA:0:8}
+        ts=$(date +%s)
+        build_id=nightly-${sha}-${ts}
+        echo "image_tag=${build_id}" >> "$GITHUB_OUTPUT"
+
+    - name: Build and push Docker images
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        file: operator.Dockerfile
+        tags:  radixdev.azurecr.io/radix-operator-test:${{ steps.tag.outputs.image_tag }}
+        cache-from: type=registry,ref=radixdev.azurecr.io/radix-operator-test:buildcache
+        cache-to: type=registry,ref=radixdev.azurecr.io/radix-operator-test:buildcache,mode=max
+
+    - name: Revoke GitHub IP on StorageAccount
+      if: success() || steps.update_firewall.conclusion == 'success'
+      run: az acr network-rule remove --name radixdev --ip-address  ${{ steps.github_public_ip.outputs.ipv4 }} --query provisioningState
+
+
   build-pipeline:
     name: Build-pipeline
     runs-on: ubuntu-latest
+    if: false
     steps:
     - uses: actions/checkout@v3
-    - name: Build pipeline image
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - uses: azure/login@v1
+      with:
+        client-id: 6e96429a-3ad5-40ee-b961-6de864d878fc
+        tenant-id: 3aa4a235-b6e2-48d5-9195-7fcf05b459b0
+        subscription-id: 16ede44b-1f74-40a5-b428-46cca9a5741b
+
+    - name: Get GitHub Public IP
+      id: github_public_ip
+      run: echo "ipv4=$(curl 'https://ifconfig.me/ip')" >> $GITHUB_OUTPUT
+
+    - name: Add GitHub IP to StorageAccount
+      run: az acr network-rule add --name radixdev --ip-address  ${{ steps.github_public_ip.outputs.ipv4 }} --query provisioningState
+
+    - name: ACR Login
+      run: 'az acr login --name radixdev --subscription 16ede44b-1f74-40a5-b428-46cca9a5741b'
+
+    - name: Create tag
+      id: tag
       env:
-        REF: ${{ github. sha }}
-        DOCKER_BUILDKIT: 1
-      run: docker build -t radix-operator:${REF##*/} -f pipeline.Dockerfile .
+        GITHUB_SHA: ${{github.sha}}
+      run: |
+        sha=${GITHUB_SHA::8}
+        ts=$(date +%s)
+        build_id=${GITHUB_REF_NAME}-${sha}-${ts}
+
+        echo "IMAGE_TAG=$build_id" >> $GITHUB_OUTPUTS
+
+    - name: Build and push Docker images
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        file: pipeline.Dockerfile
+        tags: |
+          radixdev.azurecr.io/radix-pipeline-test:${{ steps.tag.outputs.IMAGE_TAG }}
+        cache-from: type=registry,ref=radixdev.azurecr.io/radix-pipeline-test:buildcache
+        cache-to: type=registry,ref=radixdev.azurecr.io/radix-pipeline-test:buildcache,mode=max
+
+    - name: Revoke GitHub IP on StorageAccount
+      run: az acr network-rule remove --name radixdev --ip-address  ${{ steps.github_public_ip.outputs.ipv4 }} --query provisioningState
+

operator.Dockerfile

@@ -8,25 +8,25 @@ WORKDIR /go/src/github.com/equinor/radix-operator/
 
 # Install project dependencies
 COPY go.mod go.sum ./
-RUN go mod download
+RUN --mount=type=cache,id=cache,target=/root/.cache go mod download
 # Copy project code
 COPY ./radix-operator ./radix-operator
 COPY ./pkg ./pkg
 
 FROM base as run-staticcheck
-RUN go install honnef.co/go/tools/cmd/[email protected]
-RUN staticcheck `go list ./... | grep -v "pkg/client"` && touch /staticcheck.done
+RUN --mount=type=cache,id=cache,target=/root/.cache go install honnef.co/go/tools/cmd/[email protected]
+RUN --mount=type=cache,id=cache,target=/root/.cache staticcheck `go list ./... | grep -v "pkg/client"` && touch /staticcheck.done
 
 FROM base as tester
 # Run tests
-RUN go vet `go list ./... | grep -v "pkg/client"` && \
+RUN --mount=type=cache,id=cache,target=/root/.cache go vet `go list ./... | grep -v "pkg/client"` && \
     CGO_ENABLED=0 GOOS=linux go test `go list ./... | grep -v "pkg/client"` && \
     touch /tests.done
 
 FROM base as builder
 # Build
 WORKDIR /go/src/github.com/equinor/radix-operator/radix-operator/
-RUN CGO_ENABLED=0 GOOS=linux go build -ldflags "-s -w" -a -installsuffix cgo -o ./rootfs/radix-operator
+RUN --mount=type=cache,id=cache,target=/root/.cache CGO_ENABLED=0 GOOS=linux go build -ldflags "-s -w" -a -installsuffix cgo -o ./rootfs/radix-operator
 RUN addgroup -S -g 1000 radix-operator
 RUN adduser -S -u 1000 -G radix-operator radix-operator
 

radix-operator/main.go

@@ -53,6 +53,8 @@ func main() {
 	cfg := config.NewConfig()
 	setLogLevel(cfg.LogLevel)
 
+	print("hello world")
+
 	registrationControllerThreads, applicationControllerThreads, environmentControllerThreads, deploymentControllerThreads, jobControllerThreads, alertControllerThreads, kubeClientRateLimitBurst, kubeClientRateLimitQPS, err := getInitParams()
 	if err != nil {
 		panic(err)