From ce3ecb465475a43b4f13e9405ef7082bae63f81d Mon Sep 17 00:00:00 2001 From: rongxin Date: Thu, 7 May 2026 14:47:21 +0800 Subject: [PATCH 1/5] chore: migrate image registry from hkccr to ghcr.io Replace hkccr.ccs.tencentyun.com/api7-dev/ with ghcr.io/api7/ across all workflow files, Makefile, and test framework configs. Update the private registry login step to use GHCR with GITHUB_TOKEN instead of Tencent Cloud credentials. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/conformance-test.yml | 8 ++++---- .github/workflows/e2e-test-k8s.yml | 8 ++++---- .github/workflows/e2e-test.yml | 8 ++++---- Makefile | 18 +++++++++--------- test/e2e/framework/api7_dashboard.go | 4 ++-- test/e2e/framework/manifests/dp.yaml | 2 +- 6 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/conformance-test.yml b/.github/workflows/conformance-test.yml index 4f3d1422..5d3333b6 100644 --- a/.github/workflows/conformance-test.yml +++ b/.github/workflows/conformance-test.yml @@ -63,12 +63,12 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Login to Private Registry + - name: Login to GHCR uses: docker/login-action@v3 with: - registry: hkccr.ccs.tencentyun.com - username: ${{ secrets.PRIVATE_DOCKER_USERNAME }} - password: ${{ secrets.PRIVATE_DOCKER_PASSWORD }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build images env: diff --git a/.github/workflows/e2e-test-k8s.yml b/.github/workflows/e2e-test-k8s.yml index f1b2cd7f..5f21aa24 100644 --- a/.github/workflows/e2e-test-k8s.yml +++ b/.github/workflows/e2e-test-k8s.yml 
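Review bot: The new `Login to GHCR` step authenticates with `secrets.GITHUB_TOKEN`, which can read a `ghcr.io/api7/*` package only if that package is public or has granted this repository Actions access, and nothing in the workflow records that prerequisite. I would add a comment above the step, `# GITHUB_TOKEN needs packages: read, and each ghcr.io/api7 image must grant this repository Actions access`, so a failing pull is traced to the package settings rather than to the workflow. The same step is changed in e2e-test-k8s.yml and e2e-test.yml. Since `PRIVATE_DOCKER_USERNAME` and `PRIVATE_DOCKER_PASSWORD` are no longer referenced in these three files, those credentials should be revoked at the old registry and deleted from the repository secrets once no other workflow uses them.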
@@ -58,12 +58,12 @@ jobs: chmod 700 get_helm.sh ./get_helm.sh - - name: Login to Private Registry + - name: Login to GHCR uses: docker/login-action@v3 with: - registry: hkccr.ccs.tencentyun.com - username: ${{ secrets.PRIVATE_DOCKER_USERNAME }} - password: ${{ secrets.PRIVATE_DOCKER_PASSWORD }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Launch Kind Cluster env: diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 807d30a5..1bc73a1c 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -72,12 +72,12 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Login to Private Registry + - name: Login to GHCR uses: docker/login-action@v3 with: - registry: hkccr.ccs.tencentyun.com - username: ${{ secrets.PRIVATE_DOCKER_USERNAME }} - password: ${{ secrets.PRIVATE_DOCKER_PASSWORD }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build images env: diff --git a/Makefile b/Makefile index 51fbe472..599a47a9 100644 --- a/Makefile +++ b/Makefile 
@@ -202,9 +202,9 @@ kind-down: .PHONY: kind-load-images kind-load-images: pull-infra-images kind-load-ingress-image kind-load-adc-image - @kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev --name $(KIND_NAME) - @kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager:$(DASHBOARD_VERSION) --name $(KIND_NAME) - @kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-integrated:$(DASHBOARD_VERSION) --name $(KIND_NAME) + @kind load docker-image ghcr.io/api7/api7-ee-3-gateway:dev --name $(KIND_NAME) + @kind load docker-image ghcr.io/api7/api7-ee-dp-manager:$(DASHBOARD_VERSION) --name $(KIND_NAME) + @kind load docker-image ghcr.io/api7/api7-ee-3-integrated:$(DASHBOARD_VERSION) --name $(KIND_NAME) @kind load docker-image kennethreitz/httpbin:latest --name $(KIND_NAME) @kind load docker-image jmalloc/echo-server:latest --name $(KIND_NAME) @kind load docker-image apache/apisix:dev --name $(KIND_NAME) @@ -212,12 +212,12 @@ kind-load-images: pull-infra-images kind-load-ingress-image kind-load-adc-image .PHONY: kind-load-gateway-image kind-load-gateway-image: - @kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev --name $(KIND_NAME) + @kind load docker-image ghcr.io/api7/api7-ee-3-gateway:dev --name $(KIND_NAME) .PHONY: kind-load-dashboard-images kind-load-dashboard-images: - @kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager:$(DASHBOARD_VERSION) --name $(KIND_NAME) - @kind load docker-image hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-integrated:$(DASHBOARD_VERSION) --name $(KIND_NAME) + @kind load docker-image ghcr.io/api7/api7-ee-dp-manager:$(DASHBOARD_VERSION) --name $(KIND_NAME) + @kind load docker-image ghcr.io/api7/api7-ee-3-integrated:$(DASHBOARD_VERSION) --name $(KIND_NAME) .PHONY: kind-load-ingress-image kind-load-ingress-image: 
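Review bot: The prefix `ghcr.io/api7/` is written out on every changed line of `kind-load-images`, `kind-load-gateway-image` and `kind-load-dashboard-images`, and again in the `pull-infra-images` hunk that follows, so the next registry move is another nine-line edit and a missed line would keep pulling from the old registry. A single variable, for example `REGISTRY ?= ghcr.io/api7` with `$(REGISTRY)/api7-ee-3-gateway:dev` in the recipes, keeps the image origin in one auditable place; check first whether the Makefile already defines such a variable outside these hunks. The gateway image is still addressed by the movable tag `:dev`, so what the tests run is whatever was last pushed under that tag.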
@@ -231,9 +231,9 @@ kind-load-adc-image: .PHONY: pull-infra-images pull-infra-images: - @docker pull hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev - @docker pull hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager:$(DASHBOARD_VERSION) - @docker pull hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-integrated:$(DASHBOARD_VERSION) + @docker pull ghcr.io/api7/api7-ee-3-gateway:dev + @docker pull ghcr.io/api7/api7-ee-dp-manager:$(DASHBOARD_VERSION) + @docker pull ghcr.io/api7/api7-ee-3-integrated:$(DASHBOARD_VERSION) @docker pull kennethreitz/httpbin:latest @docker pull jmalloc/echo-server:latest @docker pull ghcr.io/api7/adc:dev diff --git a/test/e2e/framework/api7_dashboard.go b/test/e2e/framework/api7_dashboard.go index c88151e0..8e05a881 100644 --- a/test/e2e/framework/api7_dashboard.go +++ b/test/e2e/framework/api7_dashboard.go @@ -45,7 +45,7 @@ func init() { tmpl, err := template.New("values.yaml").Parse(` dashboard: image: - repository: hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-integrated + repository: ghcr.io/api7/api7-ee-3-integrated pullPolicy: IfNotPresent tag: {{ .Tag }} extraEnvVars: @@ -61,7 +61,7 @@ dashboard: mountPath: /app/covdatafiles dp_manager: image: - repository: hkccr.ccs.tencentyun.com/api7-dev/api7-ee-dp-manager + repository: ghcr.io/api7/api7-ee-dp-manager pullPolicy: IfNotPresent tag: {{ .Tag }} extraEnvVars: diff --git a/test/e2e/framework/manifests/dp.yaml b/test/e2e/framework/manifests/dp.yaml index d4692e9b..7608c9de 100644 --- a/test/e2e/framework/manifests/dp.yaml +++ b/test/e2e/framework/manifests/dp.yaml @@ -181,7 +181,7 @@ spec: spec: #serviceAccountName: ginkgo containers: - - image: hkccr.ccs.tencentyun.com/api7-dev/api7-ee-3-gateway:dev + - image: ghcr.io/api7/api7-ee-3-gateway:dev imagePullPolicy: IfNotPresent env: {{- if not .TLSEnabled }} From 9d8ecb688f86290eac07398ddd3a28843c141d53 Mon Sep 17 00:00:00 2001 
From: rongxin Date: Thu, 7 May 2026 14:53:48 +0800 Subject: [PATCH 2/5] chore: remove legacy registry login and add packages:read permission - Remove leftover 'Login to Registry' steps from e2e-test.yml and conformance-test.yml - Add permissions (contents: read, packages: read) to all three workflow jobs to ensure GHCR pulls work under restricted token settings Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/conformance-test.yml | 10 +++------- .github/workflows/e2e-test-k8s.yml | 3 +++ .github/workflows/e2e-test.yml | 10 +++------- 3 files changed, 9 insertions(+), 14 deletions(-) diff --git a/.github/workflows/conformance-test.yml b/.github/workflows/conformance-test.yml index 5d3333b6..649e6fd2 100644 --- a/.github/workflows/conformance-test.yml +++ b/.github/workflows/conformance-test.yml @@ -35,6 +35,9 @@ jobs: CONFORMANCE_TEST_REPORT_OUTPUT: /tmp/api7-ingress-controller-conformance-report.yaml timeout-minutes: 60 runs-on: ubuntu-latest + permissions: + contents: read + packages: read steps: - name: Checkout uses: actions/checkout@v4 @@ -56,13 +59,6 @@ jobs: chmod 700 get_helm.sh ./get_helm.sh - - name: Login to Registry - uses: docker/login-action@v3 - with: - registry: ${{ secrets.DOCKER_REGISTRY }} - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Login to GHCR uses: docker/login-action@v3 with: diff --git a/.github/workflows/e2e-test-k8s.yml b/.github/workflows/e2e-test-k8s.yml index 5f21aa24..0ee54bbb 100644 --- a/.github/workflows/e2e-test-k8s.yml +++ b/.github/workflows/e2e-test-k8s.yml @@ -38,6 +38,9 @@ jobs: cases_subset: - v2 runs-on: self-hosted + permissions: + contents: read + packages: read steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 1bc73a1c..be53d82c 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml 
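Review bot: In e2e-test-k8s.yml the `permissions` block is added to a job that `runs-on: self-hosted`, and that job logs in to ghcr.io and pulls images that need authentication onto a machine that may outlive the run. The hunk does not show the workflow triggers or how the runner is provisioned, so this is a question rather than a finding: if the runner is not ephemeral, the pulled `ghcr.io/api7/*` images and any Docker credential state left by an interrupted job remain available to the next job on that host. A comment next to `runs-on`, such as `# self-hosted: runner is rebuilt per job; do not enable for fork pull requests`, would record the assumption once it is confirmed.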
@@ -41,6 +41,9 @@ jobs: - webhook fail-fast: false runs-on: ubuntu-latest + permissions: + contents: read + packages: read steps: - name: Checkout uses: actions/checkout@v4 @@ -65,13 +68,6 @@ jobs: - name: Install ginkgo run: make install-ginkgo - - name: Login to Registry - uses: docker/login-action@v3 - with: - registry: ${{ secrets.DOCKER_REGISTRY }} - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Login to GHCR uses: docker/login-action@v3 with: From 138d2d4f4cd0b2fdb339469591c48845e82ba77c Mon Sep 17 00:00:00 2001 From: rongxin Date: Thu, 7 May 2026 15:07:51 +0800 Subject: [PATCH 3/5] chore: retrigger CI Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> From cfce22b1317d29c8484388a1edeaeab9d560f1b3 Mon Sep 17 00:00:00 2001 From: AlinsRan Date: Thu, 7 May 2026 15:45:54 +0800 Subject: [PATCH 4/5] Update conformance-test.yml --- .github/workflows/conformance-test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/conformance-test.yml b/.github/workflows/conformance-test.yml index 649e6fd2..f71dde0d 100644 --- a/.github/workflows/conformance-test.yml +++ b/.github/workflows/conformance-test.yml @@ -36,7 +36,6 @@ jobs: timeout-minutes: 60 runs-on: ubuntu-latest permissions: - contents: read packages: read steps: - name: Checkout From 65c6747c70f3f814a5153eead2f01f487057925d Mon Sep 17 00:00:00 2001 From: rongxin Date: Thu, 7 May 2026 16:50:50 +0800 Subject: [PATCH 5/5] chore: add pull-requests write permission for add-pr-comment action Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/conformance-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/conformance-test.yml b/.github/workflows/conformance-test.yml index f71dde0d..6ab37de1 100644 --- a/.github/workflows/conformance-test.yml +++ b/.github/workflows/conformance-test.yml 
@@ -37,6 +37,7 @@ jobs: runs-on: ubuntu-latest permissions: packages: read + pull-requests: write steps: - name: Checkout uses: actions/checkout@v4
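Review bot: After this hunk the job's `permissions` block lists only `packages: read` and `pull-requests: write`; every scope not listed is set to none, and `contents: read` was removed in the previous patch, so the `Checkout` step presumably works only while the repository is publicly readable. If that removal was not deliberate, restore `contents: read` beside the two entries. `pull-requests: write` is also granted to the whole job, which builds images and runs the conformance suite with that token in scope; moving the PR-comment step into a small follow-up job that alone holds `pull-requests: write` would keep the build job read-only. The steps that use the token are outside this hunk.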