Implemented sysbox runtime for docker image build and push step

Update Kubernetes service account name
2025-07-30 22:23:44 +02:00 · 2025-07-30 22:22:52 +02:00
3 changed files with 29 additions and 50 deletions
--- a/argo-workflows/acr-pusher.yaml
+++ b/argo-workflows/acr-pusher.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: edu-agentpool
+  name: argo-workflows-user
  namespace: argo
--- a/argo-workflows/build.yaml
+++ b/argo-workflows/build.yaml
@@ -9,12 +9,14 @@ spec:
      - name: repo
        value: https://gitea.marcin00.pl/pikram/user-microservice.git
      - name: branch
-        value: main
+        value: dev
      - name: image
        value: marcin00.azurecr.io/user-microservice
-      - name: registry_server
-        value: marcin00.azurecr.io
-  serviceAccountName: edu-agentpool
+      - name: acr-name
+        value: marcin00
+      - name: client-id # client-id of the user-assigned managed identity used by cluster
+        value: c302726f-fafb-4143-94c1-67a70975574a
+  serviceAccountName: argo-workflows-user
  volumeClaimTemplates:
  - metadata:
      name: workspace
@@ -32,7 +34,7 @@ spec:
        secretProviderClass: azure-keyvault
  templates:

-  # 🔁 Main steps sequence
+  # Main steps sequence
  - name: main
    steps:
      - - name: checkout
@@ -45,14 +47,14 @@ spec:
                value: "{{workflow.parameters.branch}}"
      - - name: tests
          template: tests
-      - - name: build-test-and-push-image
-          template: build-test-and-push-image
+      - - name: build-and-push-image
+          template: build-and-push-image
          arguments:
            parameters:
              - name: git-sha
                value: "{{steps.checkout.outputs.parameters.git-sha}}"

-  # 📦 GIT CHECKOUT
+  # GIT CHECKOUT
  - name: checkout
    inputs:
      parameters:
@@ -76,7 +78,7 @@ spec:
          valueFrom:
            path: /tmp/gitsha.txt

-  # 🧪 PYTHON TESTS
+  # PYTHON TESTS
  - name: tests
    script:
      image: python:3.11.7-alpine
@@ -84,59 +86,36 @@ spec:
      workingDir: /workspace/repo/api
      source: |
        python3 -m venv env
-        . env/bin/activate
+        source env/bin/activate
        pip install -r requirements.txt pytest
        python3 -m pytest --junit-xml=pytest_junit.xml
      volumeMounts:
        - name: workspace
          mountPath: /workspace

-# 🐳 BUILDS AND GOSS TESTS
-  - name: build-test-and-push-image
+  # BUILD AND PUSH DOCKER IMAGE
+  - name: build-and-push-image
    inputs:
      parameters:
        - name: git-sha
+    metadata:
+      annotations:
+        io.kubernetes.cri-o.userns-mode: "auto:size=65536"
    container:
-      image: docker:dind
+      image: marcin00.azurecr.io/azure-cli-docker:slim-bookworm
      command: [sh, -c]
      workingDir: /workspace/repo
      args:
        - |
-          dockerd-entrypoint.sh &
-          sleep 3
-          DOCKER_IMAGE={{workflow.parameters.image}}:{{inputs.parameters.git-sha}}
-          docker build -t $DOCKER_IMAGE .
-
-          apk add --no-cache bash
-
-          wget https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -O goss
-          wget https://github.com/aelsabbahy/goss/releases/latest/download/dgoss -O dgoss
-          chmod +rx *goss
-
-          export GOSS_OPTS="-f junit"
-          export GOSS_PATH=./goss
-          export GOSS_SLEEP=3
-          ./dgoss run -e SQLALCHEMY_DATABASE_URI=sqlite:///:memory: $DOCKER_IMAGE > /workspace/goss_junit.xml
+          dockerd &
+          CI_COMMIT_SHA={{inputs.parameters.git-sha}}
+          DOCKER_IMAGE={{workflow.parameters.image}}:${CI_COMMIT_SHA}
+          docker build -t $DOCKER_IMAGE --build-arg APP_VERSION=${CI_COMMIT_SHA} --build-arg BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") .
          
-          echo "===> Logging into ACR"
-          ACR_PASSWORD=$(cat /mnt/secrets/acr-password)
-          echo "$ACR_PASSWORD" | docker login {{workflow.parameters.registry_server}} -u $ACR_USERNAME --password-stdin
-
-          echo "===> Pushing image to ACR"
-          docker push $DOCKER_IMAGE
-      env:
-        - name: ACR_USERNAME
-          value: marcin00
-      securityContext:
-        privileged: true
+          az login --identity --client-id {{workflow.parameters.client_id}}
+          az acr login --name {{workflow.parameters.acr-name}}
+          docker push ${DOCKER_IMAGE}
+      runtimeClassName: sysbox-runc
      volumeMounts:
        - name: workspace
          mountPath: /workspace
-        - name: docker-library
-          mountPath: /var/lib/docker
-        - name: secrets-store
-          mountPath: "/mnt/secrets"
-          readOnly: true
-    volumes:
-      - name: docker-library
-        emptyDir: {}
--- a/argo-workflows/role-binding.yaml
+++ b/argo-workflows/role-binding.yaml
@@ -1,11 +1,11 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: argo-edu-agentpool-binding
+  name: argo-workflows-role-binding
  namespace: argo
 subjects:
  - kind: ServiceAccount
-    name: edu-agentpool
+    name: argo-workflows-user
    namespace: argo
 roleRef:
  kind: Role
Author	SHA1	Message	Date
Marcin-Ramotowski	dd248dc0b9	Implemented sysbox runtime for docker image build and push step	2025-07-30 22:23:44 +02:00
Marcin-Ramotowski	c8cd08d7ff	Update Kubernetes service account name	2025-07-30 22:22:52 +02:00