Publish + pull arbor images from ghcr.io#109
Open
jee7s wants to merge 1 commit into
Open
Conversation
Switches the dev deploy and prod promotion to build/push and reference the agent + migrate images on ghcr.io/innovationtreehouse/arbor-agent instead of ECR. Companion to the infra PR that drops the ECR VPC endpoints and adds repositoryCredentials to the task defs. - deploy-dev.yml / promote-prod.yml: replace amazon-ecr-login with a ghcr.io docker/login-action (packages: write); image tags + task-def image swaps now use ghcr.io; image-existence checks use `docker buildx imagetools inspect`. - Fargate migrate run-task now uses assignPublicIp=ENABLED (it pulls the private ghcr image over the public internet now that the ECR endpoint is gone). - lambda ensureAgentRunning(): env-gated RunTask. If ECS_CAPACITY_PROVIDER is set (prod → arbor-prod-provider) it launches on that capacity provider with no networkConfiguration (host-mode agent egresses via the instance IP); unset (dev) keeps the Fargate + awsvpc + public-IP behavior. Backward-compatible. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Moves arbor's agent + migrate images from ECR → private ghcr.io (
ghcr.io/innovationtreehouse/arbor-agent). Part of the egress/ghcr migration; companion to infra PR #72 (drops ECR VPC endpoints, addsrepositoryCredentialsto the task defs) — merge/apply that first.Changes
amazon-ecr-login→docker/login-actionagainst ghcr.io (packages: write,GITHUB_TOKEN); all image build/tag/push + task-def image swaps use ghcr.io; existence checks usedocker buildx imagetools inspect.assignPublicIp=ENABLED(it pulls the private ghcr image over the public internet now that the ECR endpoint is gone; previously relied on the ECR PrivateLink endpoint withDISABLED).packages/lambda/src/index.tsensureAgentRunning(): env-gated RunTask. WithECS_CAPACITY_PROVIDERset (prod →arbor-prod-provider) it launches on that capacity provider with nonetworkConfiguration(host-mode agent egresses via the instance's public IP). Unset (dev) keeps the existing Fargate + awsvpc + public-IP path. Backward-compatible.arbor-agentmust exist and be writable by the repo'sGITHUB_TOKEN(or set a PAT), and readable by the infraghcr-pull-credentialssecret used in ECS.ECS_CAPACITY_PROVIDER=arbor-prod-provideronarbor-webhook-prod(wherever the Lambda env is configured) so the prod agent launches host-mode. Leave it unset on dev.ACCOUNT/REGIONenv on the register-task-def steps were left in place to minimize the diff.🤖 Generated with Claude Code