From e1689f59f6169c75bac0ceda9c814532137e34d6 Mon Sep 17 00:00:00 2001 From: andrussal Date: Tue, 16 Dec 2025 11:43:06 +0100 Subject: [PATCH] scripts: allow public ECR image selection --- scripts/push-ecr-test.sh | 41 ++++++++++++++----- scripts/run-examples.sh | 40 ++++++++++++------ .../runners/k8s/helm/nomos-runner/values.yaml | 2 +- .../runners/k8s/src/infrastructure/assets.rs | 2 +- 4 files changed, 60 insertions(+), 25 deletions(-) diff --git a/scripts/push-ecr-test.sh b/scripts/push-ecr-test.sh index 14278c5..534965a 100755 --- a/scripts/push-ecr-test.sh +++ b/scripts/push-ecr-test.sh @@ -3,25 +3,44 @@ set -euo pipefail ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" -AWS_REGION="ap-southeast-2" -AWS_ACCOUNT_ID="968061875204" -ECR_REGISTRY="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" -ECR_REPO="logos-blockchain-testing" -TAG="test" +# Publishes the testnet image to ECR Public by default. +# +# Env overrides: +# TAG - image tag (default: test) +# ECR_IMAGE_REPO - full repo path without tag (default: public.ecr.aws/r4s5t9y4/logos/logos-blockchain) +# AWS_REGION - AWS region for ecr-public login (default: us-east-1) +# +# Legacy (private ECR) overrides: +# AWS_ACCOUNT_ID - if set, uses private ECR login/push unless ECR_IMAGE_REPO points at public.ecr.aws -LOCAL_IMAGE="${ECR_REPO}:${TAG}" -REMOTE_IMAGE="${ECR_REGISTRY}/${ECR_REPO}:${TAG}" +TAG="${TAG:-test}" +ECR_IMAGE_REPO="${ECR_IMAGE_REPO:-public.ecr.aws/r4s5t9y4/logos/logos-blockchain}" +AWS_REGION="${AWS_REGION:-us-east-1}" + +LOCAL_IMAGE="${LOCAL_IMAGE:-logos-blockchain-testing:${TAG}}" +REMOTE_IMAGE="${ECR_IMAGE_REPO}:${TAG}" export DOCKER_DEFAULT_PLATFORM="linux/amd64" export CIRCUITS_PLATFORM="${CIRCUITS_PLATFORM:-linux-x86_64}" -export IMAGE_TAG="${LOCAL_IMAGE}" +export IMAGE_TAG="${REMOTE_IMAGE}" "${ROOT_DIR}/testing-framework/assets/stack/scripts/build_test_image.sh" -aws ecr get-login-password --region "${AWS_REGION}" \ - | docker login --username AWS --password-stdin "${ECR_REGISTRY}" +if [[ "${ECR_IMAGE_REPO}" == public.ecr.aws/* ]]; then + aws ecr-public get-login-password --region "${AWS_REGION}" \ + | docker login --username AWS --password-stdin "public.ecr.aws" +else + if [ -z "${AWS_ACCOUNT_ID:-}" ]; then + echo "ERROR: AWS_ACCOUNT_ID must be set for private ECR pushes (or set ECR_IMAGE_REPO=public.ecr.aws/...)" >&2 + exit 1 + fi + ECR_REGISTRY="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" + aws ecr get-login-password --region "${AWS_REGION}" \ + | docker login --username AWS --password-stdin "${ECR_REGISTRY}" + docker tag "${REMOTE_IMAGE}" "${ECR_REGISTRY}/${REMOTE_IMAGE#*/}" + REMOTE_IMAGE="${ECR_REGISTRY}/${REMOTE_IMAGE#*/}" +fi -docker tag "${LOCAL_IMAGE}" "${REMOTE_IMAGE}" docker push "${REMOTE_IMAGE}" echo "${REMOTE_IMAGE}" diff --git a/scripts/run-examples.sh b/scripts/run-examples.sh index 208071e..75f6e5f 100755 --- a/scripts/run-examples.sh +++ b/scripts/run-examples.sh @@ -13,10 +13,12 @@ set -euo pipefail # Env overrides: # VERSION - circuits version (default v0.3.1) # NOMOS_TESTNET_IMAGE - image reference (overridden by --ecr/--local selection) -# AWS_REGION - ECR region (default ap-southeast-2) -# AWS_ACCOUNT_ID - ECR account id (default 968061875204) -# ECR_REPO - ECR repository (default logos-blockchain-testing) -# TAG - ECR tag (default test) +# ECR_IMAGE - full image reference to use for --ecr (overrides ECR_REGISTRY/ECR_REPO/TAG) +# ECR_REGISTRY - registry hostname for --ecr (default public.ecr.aws/r4s5t9y4) +# ECR_REPO - repository path for --ecr (default logos/logos-blockchain) +# TAG - tag for --ecr (default test) +# AWS_REGION - (legacy) private ECR region; used only if AWS_ACCOUNT_ID is set and ECR_REGISTRY is unset +# AWS_ACCOUNT_ID - (legacy) private ECR account id; used only if ECR_REGISTRY is unset # NOMOS_TESTNET_IMAGE_PULL_POLICY - k8s imagePullPolicy (default IfNotPresent; set to Always for --ecr) # NOMOS_CIRCUITS_PLATFORM - override host platform detection # NOMOS_CIRCUITS_REBUILD_RAPIDSNARK - set to 1 to force rapidsnark rebuild @@ -42,10 +44,12 @@ Options: Environment: VERSION Circuits version (default v0.3.1) NOMOS_TESTNET_IMAGE Image reference (overridden by --local/--ecr selection) - AWS_REGION ECR region (default ap-southeast-2) - AWS_ACCOUNT_ID ECR account id (default 968061875204) - ECR_REPO ECR repository (default logos-blockchain-testing) - TAG ECR tag (default test) + ECR_IMAGE Full image reference for --ecr (overrides ECR_REGISTRY/ECR_REPO/TAG) + ECR_REGISTRY Registry hostname for --ecr (default public.ecr.aws/r4s5t9y4) + ECR_REPO Repository path for --ecr (default logos/logos-blockchain) + TAG Tag for --ecr (default test) + AWS_REGION (legacy) Private ECR region (used only if AWS_ACCOUNT_ID is set and ECR_REGISTRY is unset) + AWS_ACCOUNT_ID (legacy) Private ECR account id (used only if ECR_REGISTRY is unset) NOMOS_TESTNET_IMAGE_PULL_POLICY K8s imagePullPolicy (default IfNotPresent; set to Always for --ecr) NOMOS_CIRCUITS_PLATFORM Override host platform detection NOMOS_CIRCUITS_REBUILD_RAPIDSNARK Force rapidsnark rebuild @@ -177,11 +181,23 @@ select_image() { IMAGE="${NOMOS_TESTNET_IMAGE:-logos-blockchain-testing:local}" export NOMOS_TESTNET_IMAGE_PULL_POLICY="${NOMOS_TESTNET_IMAGE_PULL_POLICY:-IfNotPresent}" elif [ "${selection}" = "ecr" ]; then - local aws_region="${AWS_REGION:-ap-southeast-2}" - local aws_account_id="${AWS_ACCOUNT_ID:-968061875204}" - local ecr_repo="${ECR_REPO:-logos-blockchain-testing}" local tag="${TAG:-test}" - IMAGE="${aws_account_id}.dkr.ecr.${aws_region}.amazonaws.com/${ecr_repo}:${tag}" + if [ -n "${ECR_IMAGE:-}" ]; then + IMAGE="${ECR_IMAGE}" + elif [ -n "${ECR_REGISTRY:-}" ]; then + local registry="${ECR_REGISTRY}" + local repo="${ECR_REPO:-logos/logos-blockchain}" + IMAGE="${registry}/${repo}:${tag}" + elif [ -n "${AWS_ACCOUNT_ID:-}" ]; then + local aws_region="${AWS_REGION:-ap-southeast-2}" + local aws_account_id="${AWS_ACCOUNT_ID}" + local repo="${ECR_REPO:-logos-blockchain-testing}" + IMAGE="${aws_account_id}.dkr.ecr.${aws_region}.amazonaws.com/${repo}:${tag}" + else + local registry="public.ecr.aws/r4s5t9y4" + local repo="${ECR_REPO:-logos/logos-blockchain}" + IMAGE="${registry}/${repo}:${tag}" + fi export NOMOS_TESTNET_IMAGE_PULL_POLICY="${NOMOS_TESTNET_IMAGE_PULL_POLICY:-Always}" else fail_with_usage "Unknown image selection mode: ${selection}" diff --git a/testing-framework/runners/k8s/helm/nomos-runner/values.yaml b/testing-framework/runners/k8s/helm/nomos-runner/values.yaml index af59078..6be8048 100644 --- a/testing-framework/runners/k8s/helm/nomos-runner/values.yaml +++ b/testing-framework/runners/k8s/helm/nomos-runner/values.yaml @@ -1,4 +1,4 @@ -image: "logos-blockchain-testing:test" +image: "public.ecr.aws/r4s5t9y4/logos/logos-blockchain:test" imagePullPolicy: IfNotPresent cfgsync: diff --git a/testing-framework/runners/k8s/src/infrastructure/assets.rs b/testing-framework/runners/k8s/src/infrastructure/assets.rs index 8ad573e..ec615e0 100644 --- a/testing-framework/runners/k8s/src/infrastructure/assets.rs +++ b/testing-framework/runners/k8s/src/infrastructure/assets.rs @@ -112,7 +112,7 @@ pub fn prepare_assets(topology: &GeneratedTopology) -> Result