Merge pull request #415 from surajssd/build-base-tools-image

CI: Build & Push Cloudshell Images to GHCR
Azure · Jun 7, 2024 · e1d1bdf · e1d1bdf
2 parents bd5330c + 77b3324
commit e1d1bdf
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 12 deletions.
diff --git a/.github/workflows/cloudshell-build-push.yaml b/.github/workflows/cloudshell-build-push.yaml
@@ -0,0 +1,41 @@
+name: Build & Push Cloudshell Images
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build_and_push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Login to GHCR
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Base image
+      uses: docker/build-push-action@v3
+      with:
+        context: .
+        file: linux/base.Dockerfile
+        push: true
+        tags: ghcr.io/cloudshell/base:${{ github.sha }},ghcr.io/cloudshell/base:latest
+
+    - name: Tools image
+      uses: docker/build-push-action@v3
+      with:
+        context: .
+        file: linux/tools.Dockerfile
+        push: true
+        tags: ghcr.io/cloudshell/tools:${{ github.sha }},ghcr.io/cloudshell/tools:latest
+        build-args: IMAGE_LOCATION=ghcr.io/cloudshell/base:${{ github.sha }}
diff --git a/README.md b/README.md
@@ -82,7 +82,14 @@ changes to the tools.
 
 ## Building and Testing the image
 
-Required software
+### Building the images
+
+> [!NOTE]
+> Cloud Shell publishes an image on each update to the master branch. If you would like to use the pre-built image, then
+> you can skip this step by downloading the latest [base image layer here](ghcr.io/cloudshell/base:latest)
+> and the latest [tools image layer here](ghcr.io/cloudshell/tools:latest). You can find all previously built image layers [here](https://github.com/orgs/Azure/packages?repo_name=CloudShell).
+
+Required software:
 
 - Docker
 - Bash terminal / Powershell
@@ -96,22 +103,24 @@ docker build -t base_cloudshell -f linux/base.Dockerfile .
 Building tools.Dockerfile image
 
 ```bash
-docker build -t tools_cloudshell --build-arg IMAGE_LOCATION=base_cloudshell -f linux/tools.Dockerfile . 
+docker build -t tools_cloudshell --build-arg IMAGE_LOCATION=base_cloudshell -f linux/tools.Dockerfile .
 ```
 
-Running bash in the tools.Dockerfile image
+### Testing the images
+
+Running `bash` in the `tools.Dockerfile` based image:
 
 ```bash
 docker run -it tools_cloudshell /bin/bash
 ```
 
-Running pwsh in the tools.Dockerfile image
+Running `pwsh` in the `tools.Dockerfile` based image:
 
 ```bash
 docker run -it tools_cloudshell /usr/bin/pwsh
 ```
 
-Testing the Cloud Shell image
+Testing the Cloud Shell image:
 
 ```bash
 docker run --volume /path/to/CloudShell/folder/tests:/tests -it tools_cloudshell /tests/test.sh
@@ -152,7 +161,7 @@ _every_ Cloud Shell admin to have the tool available.
 For a tool to be included in Cloud Shell, it has to be:
 
 - widely useful to Azure administrators
-- well-maintained and supported,  
+- well-maintained and supported,
 - released under a license which permits us to include it
 - lightweight in terms of CPU requirements, size on disk, and memory
 
@@ -180,7 +189,7 @@ If you wish to contribute to The Cloud Shell documentation, see the Microsoft Le
 
 This project welcomes contributions and suggestions. Most contributions require you to agree to a
 Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-the rights to use your contribution. For details, see 
+the rights to use your contribution. For details, see
 [https://cla.microsoft.com](https://cla.microsoft.com).
 
 When you submit a pull request, a CLA-bot will automatically determine whether you need to provide

diff --git a/linux/base.Dockerfile b/linux/base.Dockerfile
@@ -13,6 +13,7 @@
 # ability to stay current on Linux updates.
 # https://github.com/microsoft/CBL-Mariner
 FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
+LABEL org.opencontainers.image.source="https://github.com/Azure/CloudShell"
 
 SHELL ["/bin/bash","-c"]
 COPY linux/tdnfinstall.sh .

diff --git a/linux/tools.Dockerfile b/linux/tools.Dockerfile
@@ -8,6 +8,8 @@ ARG IMAGE_LOCATION=cdpxb787066ec88f4e20ae65e42a858c42ca00.azurecr.io/official/cl
 # Copy from base build
 FROM ${IMAGE_LOCATION}
 
+LABEL org.opencontainers.image.source="https://github.com/Azure/CloudShell"
+
 RUN tdnf clean all && \
     tdnf repolist --refresh && \
     ACCEPT_EULA=Y tdnf update -y && \
@@ -21,8 +23,8 @@ RUN tdnf clean all && \
 
 # Install any Azure CLI extensions that should be included by default.
 RUN az extension add --system --name ai-examples -y \
-&& az extension add --system --name ssh -y \
-&& az extension add --system --name ml -y
+    && az extension add --system --name ssh -y \
+    && az extension add --system --name ml -y
 
 # Install kubectl
 RUN az aks install-cli \
@@ -48,9 +50,9 @@ RUN npm install -q -g @pnp/cli-microsoft365
 
 # Install Bicep CLI
 RUN curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 \
-  && chmod +x ./bicep \
-  && mv ./bicep /usr/local/bin/bicep \
-  && bicep --help
+    && chmod +x ./bicep \
+    && mv ./bicep /usr/local/bin/bicep \
+    && bicep --help
 
 # Temp: fix ansible modules. Proper fix is to update base layer to use regular python for Ansible.
 RUN mkdir -p /usr/share/ansible/collections/ansible_collections/azure/azcollection/ \