From 22a00112d37515e99bb4ac1cdd9d78477d045327 Mon Sep 17 00:00:00 2001
From: Joshua Watt <Joshua.Watt@garmin.com>
Date: Wed, 4 Dec 2024 07:10:42 -0700
Subject: [PATCH] Switch to GHCR

Switches the project to push images to ghcr instead of docker hub. This
integrates better with GitHub actions
---
 .github/workflows/main.yml    | 16 ++++++++--------
 .github/workflows/release.yml |  8 +++-----
 ci/build_image.py             |  2 +-
 ci/deploy_docker.py           |  9 ++++-----
 pyrex.ini                     |  4 ++--
 5 files changed, 18 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 29a1e82..deb8aa4 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -83,6 +83,9 @@ jobs:
           - {image: ubuntu-24.04-oegarmin,  provider: docker, sh: bash}
 
     runs-on: ubuntu-20.04
+    permissions:
+      packages: write
+      contents: read
 
     env:
       USE_HELPER: "1"
@@ -101,7 +104,6 @@ jobs:
       - name: Install packages
         run: |
           sudo mkdir -p /etc/containers/
-          echo -e "[registries.search]\nregistries = ['docker.io']\n" | sudo tee /etc/containers/registries.conf
           echo '{ "features": { "buildkit": true } }' | sudo tee /etc/docker/daemon.json
           sudo apt -y install \
             diffstat \
@@ -135,11 +137,9 @@ jobs:
         run: |
           coverage3 combine
 
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Login to ghcr.io
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
         if: ${{ ( github.ref == 'refs/heads/next' || github.ref == 'refs/heads/master' ) && github.event_name == 'push' && matrix.provider == 'docker' }}
 
       - name: Push image
@@ -148,6 +148,6 @@ jobs:
           if [ "$TAG" = "master" ]; then
             TAG="latest"
           fi
-          docker tag garminpyrex/${{ matrix.image }}:ci-test garminpyrex/${{ matrix.image }}:$TAG
-          docker push garminpyrex/${{ matrix.image }}:$TAG
+          docker tag ghcr.io/garmin/${{ matrix.image }}:ci-test garminpyrex/${{ matrix.image }}:$TAG
+          docker push ghcr.io/garmin/${{ matrix.image }}:$TAG
         if: ${{ ( github.ref == 'refs/heads/next' || github.ref == 'refs/heads/master' ) && github.event_name == 'push' && matrix.provider == 'docker' }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1bb2b4e..453ee94 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -54,11 +54,9 @@ jobs:
           python3 -m pip install --upgrade pip
           pip3 install requests
 
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Login to ghcr.io
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
 
       - name: Deploy image
         run: |
diff --git a/ci/build_image.py b/ci/build_image.py
index 95239f8..0794868 100755
--- a/ci/build_image.py
+++ b/ci/build_image.py
@@ -51,7 +51,7 @@ def main():
         provider,
         "build",
         "-t",
-        "garminpyrex/%s:ci-test" % args.image,
+        "ghcr.io/garmin/%s:ci-test" % args.image,
         "-f",
         docker_file,
         "--network=host",
diff --git a/ci/deploy_docker.py b/ci/deploy_docker.py
index 4b9aa12..2d5566b 100755
--- a/ci/deploy_docker.py
+++ b/ci/deploy_docker.py
@@ -39,19 +39,18 @@ def deploy_image(top_dir, image, tag):
 
     (_, _, image_type) = image.split("-")
 
-    repo = "garminpyrex/%s" % image
-    name = "%s:%s" % (repo, tag)
+    repo = "garmin/%s" % image
+    name = "ghcr.io/%s:%s" % (repo, tag)
 
     print("Deploying %s..." % name)
 
     # Get a login token for the Docker registry and download the manifest
     token = requests.get(
-        "https://auth.docker.io/token?service=registry.docker.io&scope=repository:%s:pull"
-        % repo,
+        "https://ghcr.io/token?scope=repository:%s:pull" % repo,
         json=True,
     ).json()["token"]
     manifest = requests.get(
-        "https://registry.hub.docker.com/v2/%s/manifests/%s" % (repo, tag),
+        "https://ghcr.io/v2/%s/manifests/%s" % (repo, tag),
         headers={"Authorization": "Bearer %s" % token},
         json=True,
     ).json()
diff --git a/pyrex.ini b/pyrex.ini
index fd00fe8..06f3b11 100644
--- a/pyrex.ini
+++ b/pyrex.ini
@@ -39,7 +39,7 @@ confversion = @CONFVERSION@
 
 # The name of the tag given to the image. If you want to keep around different
 # Pyrex images simultaneously, each should have a unique tag
-%tag = garminpyrex/${config:image}:${config:pyrextag}
+%tag = garmin/${config:image}:${config:pyrextag}
 
 # If set to 1, the image is built up locally every time the environment is
 # sourced. If set to 0, building the image will be skipped, which means that
@@ -49,7 +49,7 @@ confversion = @CONFVERSION@
 
 # The name of the registry where to find the image whose complete name is stored
 # in tag variable. This variable is only used when buildlocal is set to 0.
-%registry = docker.io
+%registry = ghcr.io
 
 # A list of environment variables that should be imported as Pyrex
 # configuration variables in the "env" section, e.g. ${env:HOME}. Note that