[GH-176] - Migrate from Google Container Registry (GCR) to Google Art…

…ifact Registry (GAR), remove unused scripts (#180)

* feat(ci): Update deploy workflows to use gar

* feat(ci): Update globals.sh and add package-mode = false to pyproject.toml

* feat(ci): Update pull-request.yml

* feat(ci): Bump actions/checkout to v4 in deploy.yml

* feat(ci): Delete configure-docker/action.yml

* chore(ci): Remove old slack dependencies

* chore(ci): Remove unused gcr-login.sh

* chore(ci): update gcr reference to gar in push-release-image.sh

* feat(ci): update create-release.yml to use gar

* chore(ci): update gcr references in docs

* chore(ci): update gcr references in run-development-server.sh

* [Bot] Update version to 2.4.0

---------

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>

.github/steps/create-release/push-release-image.sh

@@ -3,7 +3,7 @@ function print_help {
    Use: push-release-image.sh --version <semver> [--debug --help]
    Options:
    -v, --version   (Required)
-                   The release version you want to dockerize and push to gcr.
+                   The release version you want to dockerize and push to gar.
 
    --strict        Die on any errors
    -h, --help      Show this message and exit

.github/workflows/create-release.yml

@@ -37,23 +37,12 @@ jobs:
       # Creating "Release" artifacts falls under "contents: write"
       contents: write
     steps:
-      - uses: actions/checkout@v3
-      - uses: UWIT-IAM/actions/[email protected]
-        with:
-          gcloud-token: ${{ secrets.GCR_TOKEN }}
-
-      - name: Set up Python 3.10
-        uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - name: Initialize Poetry & Install Tox &  Finger Printer
+        uses: uwit-iam/action-setup-poetry-project@main
         with:
-          python-version: '3.10'
-
-      - name: Install Poetry with pip
-        run: |
-          python -m pip install --upgrade pip
-          python -m pip install poetry
-          poetry --version
-
-
+          credentials: "${{ secrets.MCI_GCLOUD_AUTH_JSON }}"
+          enable_private_docker: true
       - run: |
           sudo apt-get -y install jq
           poetry run pip install tox uw-it-build-fingerprinter
@@ -76,7 +65,7 @@ jobs:
         if: github.ref == 'refs/heads/main'
 
       - name: Push Docker image
-        run: docker push gcr.io/uwit-mci-iam/husky-directory:${{ env.version }}
+        run: docker push us-docker.pkg.dev/uwit-mci-iam/containers/husky-directory:${{ env.version }}
         if: github.ref == 'refs/heads/main'
 
       - name: Deploy

.github/workflows/deploy.yml

@@ -25,7 +25,6 @@ on:
           with this change.          
 
 env:
-  GCLOUD_TOKEN: ${{ secrets.GCR_TOKEN }}
   UW_DIRECTORY_DEPLOY_MS_TEAMS_WEBHOOK_URL: ${{ secrets.UW_DIRECTORY_DEPLOY_MS_TEAMS_WEBHOOK_URL }}
 
 jobs:
@@ -42,7 +41,7 @@ jobs:
       target-version: ${{ steps.reconcile-version.outputs.target-version }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       # We require a deployment record for the prod endpoint to make it
       # harder to accidentally deploy to prod; unfortunately we cannot
       # currently validate this record, because endpoints usually require
@@ -115,7 +114,7 @@ jobs:
       contents: read
       id-token: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Notify Teams of Deployment Start
         # creates MS Teams notification for the deployment (except for developer instances),
         if: env.target_stage == 'dev' || env.target_stage == 'eval' || env.target_stage == 'prod'
@@ -170,28 +169,15 @@ jobs:
                }' \
                "${{ env.UW_DIRECTORY_DEPLOY_MS_TEAMS_WEBHOOK_URL }}"
 
-      - name: Set up Python 3.10
-        uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - name: Initialize Poetry & Deploy to GCP
+        uses: uwit-iam/action-setup-poetry-project@main
         with:
-          python-version: '3.10'
-
-      - name: Install Poetry with pip
-        run: |
-          python -m pip install --upgrade pip
-          python -m pip install poetry
-          poetry --version
-
-      - name: Run Poetry Install
-        run: |
+          credentials: "${{ secrets.MCI_GCLOUD_AUTH_JSON }}"
+          enable_private_docker: true
+      - run: |
           sudo apt-get -y install jq
           poetry install --no-root
-
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/configure-docker
-        with:
-          project-name: ${{ secrets.IAM_GCR_REPO }}
-          gcr-token: ${{ secrets.GCR_TOKEN }}
-      - run: |
           gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}
           ./scripts/deploy.sh -g -t ${target_stage} -v ${target_version} -r "${{  github.event.inputs.associated-record }}"
         # probably need to account for -x, --dry-run at some point. lets see how things go.

.github/workflows/pull-request.yml

@@ -10,8 +10,6 @@ on:
       - '**.md'
 
 env:
-  GCR_TOKEN: ${{ secrets.GCR_TOKEN }}
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   STEP_SCRIPTS: ${{ github.workspace }}/.github/steps/pull-request
 
 jobs:
@@ -45,32 +43,18 @@ jobs:
     env:
       APP_VERSION: ${{ needs.update-pr-branch-version.outputs.new-version }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.ref }}
-
-      - name: Set up Python 3.10
-        uses: actions/setup-python@v4
+      - name: Run uwit-iam/action-setup-poetry-project
+        uses: uwit-iam/action-setup-poetry-project@main
         with:
-          python-version: '3.10'
-
-      - name: Install Poetry with pip
-        run: |
-          python -m pip install --upgrade pip
-          python -m pip install poetry
-          poetry --version
-
+          credentials: "${{ secrets.MCI_GCLOUD_AUTH_JSON }}"
+          enable_private_docker: true
       - run: |
           sudo apt-get -y install jq
           poetry run pip install tox uw-it-build-fingerprinter
-        id: configure
-        name: Set up environment
-
-      - uses: UWIT-IAM/actions/[email protected]
-        with:
-          gcloud-token: ${{ secrets.GCR_TOKEN }}
-
-      - run: poetry run tox -e build-layers
+          poetry run tox -e build-layers
 
       - name: Run validation checks and tests
         run: poetry run tox -e black,flake8,unit-tests
@@ -83,7 +67,7 @@ jobs:
         run: ${STEP_SCRIPTS}/create-pr-tag.sh -s ${{ env.source_image }}
         id: create-pr-tag
         env:
-          source_image: gcr.io/uwit-mci-iam/husky-directory.app:tox
+          source_image: us-docker.pkg.dev/uwit-mci-iam/containers/husky-directory.app:tox
 
       - uses: mshick/add-pr-comment@v1
         env:

docs/deployment.md

@@ -33,7 +33,7 @@ If no **version** is specified, a [promotion](#promotions) will occur instead.
 
 ### ... from your terminal
 
-**This is only available to people who have write access to the GCR repository.**
+**This is only available to people who have write access to the Google Artifact Registry (GAR) repository.**
 
 Use `./scripts/deploy.sh -t <stage> -v <version> -r <rfc_number>` 
 

docs/docker.md

@@ -26,32 +26,21 @@ Prod is the same, but `deploy-prod.X`
 
 This is a problem that still needs solving. See IAM-258.
 
-## GCR Image Repository
+## Google Artifact Registry (GAR) Repository
 
-The repository for this service is gcr.io/uwit-mci-iam/husky-directory. Access to 
-this repository requires operator permissions on our google project. Team members 
-can reach out on slack for access if they do not have it already.
+The repository for this service is `us-docker.pkg.dev/uwit-mci-iam/containers/husky-directory`.
+Access to this repository requires operator permissions on our Google Cloud project. Team members can reach out on Teams for access if they do not have it already.
+For GitHub Actions authentication setup and configuration,
+please refer to our `action-auth-artifact-registry` [documentation](https://github.com/UWIT-IAM/action-auth-artifact-registry).
 
-### Github Actions access to gcr.io:
-
-If the security token for Github Actions ever needs to be updated:
-
-1. Create a new key for the `uw-directory-github-actions` service account. Download 
-   the key. 
-1. Base64 encode it. (`cat $KEY_FILE_NAME | base64`)
-1. Update the `GCR_TOKEN` secret in the [github repository secrets] with the 
-   base64-encoded value.
-
-_This can only be done by a person who is an administrator of this repository, and 
-has access to the project IAM configuration._
 
 ## Running images
 
 See [Running the app](running-the-app.md).
 
 [development-server]: https://github.com/uwit-iam/uw-husky-directory/tree/main/docker/development-server.dockerfile 
-[poetry-base]: https://gcr.io/uwit-mci-iam/poetry
+[poetry-base]: https://github.com/UWIT-IAM/action-setup-poetry-project
 [search-image-tags]: https://github.com/uwit-iam/uw-husky-directory/tree/main/scripts/search-image-tags.sh]
 [commits]: commits.md
-[gcr.io]: https://gcr.io/uwit-mci-iam/husky-directory
+[Goole Artifact Registry (GAR)]: https://console.cloud.google.com/artifacts/docker/uwit-mci-iam/us/containers/husky-directory
 [github repository secrets]: https://github.com/UWIT-IAM/uw-husky-directory/settings/secrets/actions