MON-196408 [CI] Use ghcr.io (github containers) to store fat containers from pipelines

- docker-builder-packaging-plugins: build and push directly to ghcr.io instead of Harbor
- docker-builder-testing-plugins: build and push directly to ghcr.io instead of Harbor
- perl-cpan-libraries: remove get-packaging-images intermediary job, pull directly from ghcr.io
- plugins-robot-tests: remove push-test-image-to-ghcr intermediary job, pull directly from ghcr.io
- plugins: remove Harbor secrets from plugins-robot-tests call

Author: Tpo76

.github/workflows/docker-builder-packaging-plugins.yml

@@ -94,23 +94,26 @@ jobs:
 
     runs-on: ${{ matrix.runner }}
 
+    permissions:
+      packages: write
+
     steps:
       - name: Checkout sources
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - name: Login to Registry
+      - name: Login to proxy registry
         uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
-          registry: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}
+          registry: ${{ vars.DOCKER_PROXY_REGISTRY_URL }}
           username: ${{ secrets.HARBOR_CENTREON_PUSH_USERNAME }}
           password: ${{ secrets.HARBOR_CENTREON_PUSH_TOKEN }}
 
-      - name: Login to proxy registry
+      - name: Login to GitHub Container Registry
         uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
-          registry: ${{ vars.DOCKER_PROXY_REGISTRY_URL }}
-          username: ${{ secrets.HARBOR_CENTREON_PUSH_USERNAME }}
-          password: ${{ secrets.HARBOR_CENTREON_PUSH_TOKEN }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
 
       - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
 
@@ -121,7 +124,7 @@ jobs:
           build-args: "REGISTRY_URL=${{ vars.DOCKER_PROXY_REGISTRY_URL }}"
           pull: true
           push: true
-          tags: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/${{ matrix.image }}:latest
+          tags: ghcr.io/${{ github.repository }}/${{ matrix.image }}:latest
 
   set-skip-label:
     needs: [get-environment, dockerize]

.github/workflows/docker-builder-testing-plugins.yml

@@ -65,23 +65,26 @@ jobs:
 
     runs-on: ${{ matrix.runner }}
 
+    permissions:
+      packages: write
+
     steps:
       - name: Checkout sources
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - name: Login to Registry
+      - name: Login to proxy registry
         uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
-          registry: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}
+          registry: ${{ vars.DOCKER_PROXY_REGISTRY_URL }}
           username: ${{ secrets.HARBOR_CENTREON_PUSH_USERNAME }}
           password: ${{ secrets.HARBOR_CENTREON_PUSH_TOKEN }}
 
-      - name: Login to proxy registry
+      - name: Login to GitHub Container Registry
         uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
-          registry: ${{ vars.DOCKER_PROXY_REGISTRY_URL }}
-          username: ${{ secrets.HARBOR_CENTREON_PUSH_USERNAME }}
-          password: ${{ secrets.HARBOR_CENTREON_PUSH_TOKEN }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
 
       - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
 
@@ -95,7 +98,7 @@ jobs:
             "PNPM_VERSION=10.24.0"
           pull: true
           push: true
-          tags: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/testing-plugins-${{ matrix.image }}:latest
+          tags: ghcr.io/${{ github.repository }}/testing-plugins-${{ matrix.image }}:latest
 
   set-skip-label:
     needs: [get-environment, dockerize]

.github/workflows/perl-cpan-libraries.yml

@@ -144,60 +144,8 @@ jobs:
           name: partial-matrix-*
           failOnError: false
 
-  get-packaging-images:
-    needs: [get-environment]
-    if: |
-      needs.get-environment.outputs.skip_workflow == 'false' &&
-      needs.get-environment.outputs.stability != 'stable'
-    strategy:
-      fail-fast: false
-      max-parallel: 3
-      matrix:
-        include:
-          - image: packaging-plugins-alma8
-          - image: packaging-plugins-alma9
-          - image: packaging-plugins-alma10
-          - image: packaging-plugins-bullseye
-          - image: packaging-plugins-bookworm
-          - image: packaging-plugins-trixie
-          - image: packaging-plugins-jammy
-          - image: packaging-plugins-noble
-          - image: packaging-plugins-bullseye-arm64
-          - image: packaging-plugins-bookworm-arm64
-          - image: packaging-plugins-trixie-arm64
-    runs-on: ${{ contains(matrix.image, 'arm') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
-    steps:
-      - name: Login to Registry
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
-        with:
-          registry: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}
-          username: ${{ secrets.HARBOR_CENTREON_PULL_USERNAME }}
-          password: ${{ secrets.HARBOR_CENTREON_PULL_TOKEN }}
-
-      - name: Login to Proxy Registry
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
-        with:
-          registry: ${{ vars.DOCKER_PROXY_REGISTRY_URL }}
-          username: ${{ secrets.HARBOR_CENTREON_PULL_USERNAME }}
-          password: ${{ secrets.HARBOR_CENTREON_PULL_TOKEN }}
-
-      - name: Pull and save image
-        env:
-          DOCKER_IMAGE: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/${{ matrix.image }}
-          IMAGE_NAME: ${{ matrix.image }}
-        run: |
-          docker image prune -af
-          docker pull "${DOCKER_IMAGE}:latest"
-          docker save -o "./${IMAGE_NAME}" "${DOCKER_IMAGE}:latest"
-        shell: bash
-
-      - uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
-        with:
-          path: ./${{ matrix.image }}
-          key: ${{ matrix.image }}-${{ github.sha }}-${{ github.run_id }}
-
   package-rpm:
-    needs: [get-environment, generate-matrices, get-packaging-images]
+    needs: [get-environment, generate-matrices]
     if: |
       needs.get-environment.outputs.skip_workflow == 'false' &&
       needs.get-environment.outputs.stability != 'stable'
@@ -213,22 +161,22 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - name: Restore packaging image from cache
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
-          path: ./${{ matrix.image }}
-          key: ${{ matrix.image }}-${{ github.sha }}-${{ github.run_id }}
-          fail-on-cache-miss: true
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
 
-      - name: Load packaging image
+      - name: Pull packaging image from ghcr.io
         env:
-          IMAGE_NAME: ${{ matrix.image }}
-        run: docker load --input "./${IMAGE_NAME}"
+          GHCR_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image }}:latest
+        run: docker pull "${GHCR_IMAGE}"
         shell: bash
 
       - if: ${{ matrix.spec_file == '' }}
         env:
-          DOCKER_IMAGE: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/${{ matrix.image }}
+          DOCKER_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image }}:latest
           VERSION: ${{ matrix.version || matrix.cpan_version }}
           RPM_DEPENDENCIES: ${{ matrix.rpm_dependencies }}
           RPM_PROVIDES: ${{ matrix.rpm_provides }}
@@ -246,20 +194,20 @@ jobs:
             -e VERSION -e RPM_DEPENDENCIES -e RPM_PROVIDES \
             -e NO_AUTO_DEPENDS -e PREINSTALL_CPANLIBS -e PREINSTALL_PACKAGES \
             -e PKG_NAME -e PKG_EXT -e DISTRIB -e REVISION \
-            "${DOCKER_IMAGE}:latest" \
+            "${DOCKER_IMAGE}" \
             bash .github/scripts/perl-cpan-libraries/package-cpan-rpm.sh
         shell: bash
 
       - if: ${{ matrix.spec_file != '' }}
         env:
-          DOCKER_IMAGE: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/${{ matrix.image }}
+          DOCKER_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image }}:latest
           SPEC_FILE: ${{ matrix.spec_file }}
         run: |
           docker run --rm \
             -v "$(pwd):/work" \
             --workdir /work \
             -e SPEC_FILE \
-            "${DOCKER_IMAGE}:latest" \
+            "${DOCKER_IMAGE}" \
             bash -c '
               mkdir -p ~/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
               rpmbuild --undefine=_disable_source_fetch -ba "$SPEC_FILE"
@@ -349,7 +297,7 @@ jobs:
           key: ${{ github.sha }}-${{ github.run_id }}-rpm-${{ matrix.distrib }}
 
   package-deb:
-    needs: [get-environment, generate-matrices, get-packaging-images]
+    needs: [get-environment, generate-matrices]
     if: |
       needs.get-environment.outputs.skip_workflow == 'false' &&
       needs.get-environment.outputs.stability != 'stable'
@@ -364,17 +312,17 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - name: Restore packaging image from cache
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
-          path: ./${{ matrix.image }}
-          key: ${{ matrix.image }}-${{ github.sha }}-${{ github.run_id }}
-          fail-on-cache-miss: true
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
 
-      - name: Load packaging image
+      - name: Pull packaging image from ghcr.io
         env:
-          IMAGE_NAME: ${{ matrix.image }}
-        run: docker load --input "./${IMAGE_NAME}"
+          GHCR_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image }}:latest
+        run: docker pull "${GHCR_IMAGE}"
         shell: bash
 
       - name: Parse distrib name
@@ -385,7 +333,7 @@ jobs:
 
       - if: ${{ matrix.use_dh_make_perl == 'false' }}
         env:
-          DOCKER_IMAGE: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/${{ matrix.image }}
+          DOCKER_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image }}:latest
           VERSION: ${{ matrix.version || matrix.cpan_version }}
           DEB_DEPENDENCIES: ${{ matrix.deb_dependencies }}
           DEB_PROVIDES: ${{ matrix.deb_provides }}
@@ -406,13 +354,13 @@ jobs:
             -e NO_AUTO_DEPENDS -e PREINSTALL_CPANLIBS -e PREINSTALL_PACKAGES \
             -e PKG_NAME -e PKG_EXT -e DISTRIB -e REVISION \
             -e DISTRIB_SEPARATOR -e DISTRIB_SUFFIX \
-            "${DOCKER_IMAGE}:latest" \
+            "${DOCKER_IMAGE}" \
             bash .github/scripts/perl-cpan-libraries/package-cpan-deb-fpm.sh
         shell: bash
 
       - if: ${{ matrix.use_dh_make_perl == 'true' }}
         env:
-          DOCKER_IMAGE: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/${{ matrix.image }}
+          DOCKER_IMAGE: ghcr.io/${{ github.repository }}/${{ matrix.image }}:latest
           VERSION: ${{ matrix.version || matrix.cpan_version }}
           PREINSTALL_CPANLIBS: ${{ matrix.preinstall_cpanlibs }}
           PREINSTALL_PACKAGES: ${{ matrix.preinstall_packages }}
@@ -428,7 +376,7 @@ jobs:
             -e VERSION -e PREINSTALL_CPANLIBS -e PREINSTALL_PACKAGES \
             -e PKG_NAME -e DISTRIB -e REVISION \
             -e DISTRIB_SEPARATOR -e DISTRIB_SUFFIX \
-            "${DOCKER_IMAGE}:latest" \
+            "${DOCKER_IMAGE}" \
             bash .github/scripts/perl-cpan-libraries/package-cpan-deb-dhmaker.sh
         shell: bash
 

.github/workflows/plugins-robot-tests.yml

@@ -45,57 +45,8 @@ on:
         description: "Robot tags to include in tests"
         type: string
         default: ""
-    secrets:
-      registry_username:
-        required: true
-      registry_password:
-        required: true
-
 jobs:
-  test-image-to-cache:
-    runs-on: ${{ contains(inputs.image, 'arm') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
-    steps:
-      - name: Checkout sources
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      - name: Login to Registry
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
-        with:
-          registry: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}
-          username: ${{ secrets.registry_username }}
-          password: ${{ secrets.registry_password }}
-
-      - name: Login to Proxy Registry
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
-        with:
-          registry: ${{ vars.DOCKER_PROXY_REGISTRY_URL }}
-          username: ${{ secrets.registry_username }}
-          password: ${{ secrets.registry_password }}
-
-      - name: Load image
-        env:
-          DOCKER_IMAGE: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/${{ inputs.image }}
-        run: |
-          docker image prune -af
-          docker pull $DOCKER_IMAGE
-        shell: bash
-
-      - name: Save image on disk
-        env:
-          IMAGE_NAME: ${{ inputs.image }}
-          DOCKER_IMAGE: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/${{ inputs.image }}
-        run: |
-          docker save -o ./$IMAGE_NAME $DOCKER_IMAGE
-        shell: bash
-
-      - name: Save image into cache
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
-        with:
-          path: ./${{ inputs.image }}
-          key: ${{ inputs.image }}-${{ github.sha }}-${{ github.run_id }}
-
   robot-test:
-    needs: [test-image-to-cache]
     runs-on: ${{ contains(inputs.image, 'arm') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
 
     strategy:
@@ -110,12 +61,18 @@ jobs:
       - name: Checkout sources
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - name: Get the cached docker image for tests
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
-          path: ./${{ inputs.image }}
-          key: ${{ inputs.image }}-${{ github.sha }}-${{ github.run_id }}
-          fail-on-cache-miss: true
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Pull test image from ghcr.io
+        env:
+          GHCR_IMAGE: ghcr.io/${{ github.repository }}/${{ inputs.image }}:latest
+        run: docker pull "${GHCR_IMAGE}"
+        shell: bash
 
       - name: Get the cached plugins
         if: ${{ inputs.get-packages == 'True' }}
@@ -132,15 +89,10 @@ jobs:
           key: ${{ inputs.plugins-json-cache-key }}
           fail-on-cache-miss: true
 
-      - name: Load image
-        env:
-          IMAGE_NAME: ${{ inputs.image }}
-        run: docker load --input ./$IMAGE_NAME
-
       - name: Install, test and remove plugin
         shell: bash
         env:
-          DOCKER_IMAGE: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/${{ inputs.image }}
+          DOCKER_IMAGE: ghcr.io/${{ github.repository }}/${{ inputs.image }}:latest
           PACKAGE_EXTENSION: ${{ inputs.package-extension }}
           RUNNER_ID: ${{ matrix.index }}
           SKIP_ROBOT_TESTS: ${{ inputs.skip-robot-tests }}

.github/workflows/plugins.yml

@@ -432,9 +432,6 @@ jobs:
       plugins-json-cache-key: plugins-${{ github.sha }}-${{ github.run_id }}
       skip-robot-tests: ${{ matrix.skip_robot_tests }}
       exclude-robot-tags: centreon-generic-snmp
-    secrets:
-      registry_username: ${{ secrets.HARBOR_CENTREON_PULL_USERNAME }}
-      registry_password: ${{ secrets.HARBOR_CENTREON_PULL_TOKEN }}
 
   deliver-packages:
     needs: [get-environment, get-plugins, test-plugins]