
[GCP Artifact Registry] Support notifications for GCP Artifact Registry

Open mzueva opened this issue 8 months ago • 1 comments

Background For local docker registry new tools are automatically registered using DockerRegistryController.notifyDockerRegistryEvents API method (it is possible to configure a hook that will be called on any docker registry event). GCP Artifactory also provides a way to receive notifications from push events: https://cloud.google.com/artifact-registry/docs/configure-notifications

Approach Check the notification approach suggested by GCP https://cloud.google.com/artifact-registry/docs/configure-notifications and investigate if it is possible to use it for a platform deployed in GCP.

mzueva avatar Mar 04 '25 10:03 mzueva

Any change in artifact registry will be put in topic named "gcr".

source: https://cloud.google.com/run/docs/tutorials/pubsub

  1. gcloud config set project PROJECT_ID
  2. gcloud config set run/region REGION
  3. gcloud artifacts repositories create REPOSITORY --repository-format=docker --location=REGION
  4. gcloud pubsub topics create myRunTopic
  5. git clone https://github.com/GoogleCloudPlatform/java-docs-samples.git
  6. cd java-docs-samples/run/pubsub/
  7. gcloud auth configure-docker
  8. mvn compile jib:build -D image=REGION-docker.pkg.dev/PROJECT_ID/REPOSITORY/pubsub
  9. gcloud run deploy pubsub-tutorial --image REGION-docker.pkg.dev/PROJECT_ID/REPOSITORY/pubsub --no-allow-unauthenticated
  10. gcloud iam service-accounts create cloud-run-pubsub-invoker --display-name "Cloud Run Pub/Sub Invoker"
  11. gcloud run services add-iam-policy-binding pubsub-tutorial --member=serviceAccount:cloud-run-pubsub-invoker@PROJECT_ID.iam.gserviceaccount.com --role=roles/run.invoker
  12. gcloud projects add-iam-policy-binding PROJECT_ID --member=serviceAccount:[email protected] --role=roles/iam.serviceAccountTokenCreator
  13. gcloud pubsub subscriptions create myRunSubscription --topic myRunTopic --ack-deadline=600 --push-endpoint=SERVICE-URL/ --push-auth-service-account=cloud-run-pubsub-invoker@PROJECT_ID.iam.gserviceaccount.com
  14. gcloud pubsub topics publish myRunTopic --message "Runner"

Message formats:

  1. When a tag is removed for an image: { "action": "DELETE", "tag": "europe-west3-docker.pkg.dev/project/docker-repository/postgres:9.6" }
  2. When an image is removed: { "action": "DELETE", "digest": "europe-west3-docker.pkg.dev/project/docker-repository/postgres@sha256:decbf20be3383f2ba0cfcf67addd5b635d442b4739132e666ed407b6f98abfc6" }
  3. When an image is added: { "action": "INSERT", "digest": "europe-west3-docker.pkg.dev/project/docker-repository/cellprofile-web-api@sha256:806e5058a24278842880f47e73adb35673cad7e1c1bfa2c1192fa9e20fa99978", "tag": "europe-west3-docker.pkg.dev/project/docker-repository/cellprofile-web-api:bkp3" }

This is the raw format of a message from pub/sub:

{ "message": { "data": "base64-encoded-data", "messageId": "13603399295873681", "message_id": "13603399295873681", "publishTime": "2025-03-12T07:55:12.681Z", "publish_time": "2025-03-12T07:55:12.681Z" }, "subscription": "projects/hl2-epm-gnai10-t1iylu/subscriptions/myRunSubscription" }

In "message" -> "data" there could be one of the 3 message options described previously.

kbashpayev avatar Mar 11 '25 12:03 kbashpayev
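
An added example, not part of the comment above or of the cloud-pipeline code base: a push-endpoint handler core that decodes the raw Pub/Sub envelope and maps the payload onto the three message formats listed in the comment. The function name `classify`, the event labels and the `ALLOWED_PREFIX` repository check are assumptions made for illustration; the envelopes are constructed sample input.

```python
import base64
import binascii
import json

# Assumption: the only repository whose events this handler should act on.
ALLOWED_PREFIX = "europe-west3-docker.pkg.dev/project/docker-repository/"


def classify(envelope, allowed_prefix=ALLOWED_PREFIX):
    """Return (event, image_reference) for a Pub/Sub push envelope.

    event is TAG_REMOVED, IMAGE_REMOVED or IMAGE_ADDED (hypothetical labels).
    Anything that does not match the three formats raises ValueError.
    """
    try:
        raw = base64.b64decode(envelope["message"]["data"], validate=True)
        note = json.loads(raw)
    except (KeyError, TypeError, binascii.Error, ValueError) as exc:
        raise ValueError(f"malformed envelope: {exc!r}") from exc
    if not isinstance(note, dict):
        raise ValueError("notification is not a JSON object")

    action, tag, digest = note.get("action"), note.get("tag"), note.get("digest")
    # Payload content is untrusted: every reference must be a string that
    # points into the expected repository before a tool is (de)registered.
    for ref in (tag, digest):
        if ref is not None and not (isinstance(ref, str) and ref.startswith(allowed_prefix)):
            raise ValueError(f"reference outside allowed repository: {ref!r}")

    if action == "DELETE" and tag and not digest:
        return "TAG_REMOVED", tag
    if action == "DELETE" and digest and not tag:
        return "IMAGE_REMOVED", digest
    if action == "INSERT" and digest:
        # Assumption: fall back to the digest if a push carries no tag.
        return "IMAGE_ADDED", tag or digest
    raise ValueError(f"unrecognised notification: {note!r}")


def make_envelope(note):
    """Build a constructed envelope in the raw format shown in the comment."""
    data = base64.b64encode(json.dumps(note).encode()).decode()
    return {"message": {"data": data, "messageId": "1"},
            "subscription": "projects/PROJECT_ID/subscriptions/myRunSubscription"}


if __name__ == "__main__":
    sample = {"action": "DELETE", "tag": ALLOWED_PREFIX + "postgres:9.6"}
    print(classify(make_envelope(sample)))
```
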