From e037ca29a823591bde32753460740a1c6a472b77 Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Tue, 22 Jun 2021 19:48:51 +0900
Subject: [PATCH] Migrate from Docker Hub to GHCR (#79)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 .github/workflows/ghcr.yaml | 39 +++++++++++++++++++++++++++++++++++++
 .github/workflows/main.yaml |  4 ++--
 Dockerfile                  |  2 +-
 README.md                   | 10 ++++++----
 docker-compose.yml          |  2 +-
 kube/aind.yaml              |  8 ++++----
 6 files changed, 53 insertions(+), 12 deletions(-)
 create mode 100644 .github/workflows/ghcr.yaml

diff --git a/.github/workflows/ghcr.yaml b/.github/workflows/ghcr.yaml
new file mode 100644
index 0000000..ea5e663
--- /dev/null
+++ b/.github/workflows/ghcr.yaml
@@ -0,0 +1,39 @@
+# Adopted from https://github.com/docker/metadata-action/tree/v3.3.0#basic
+# (Apache License 2.0)
+name: GHCR
+
+on:
+  push:
+    branches:
+      - 'master'
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - 'master'
+
+jobs:
+  ghcr:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ghcr.io/${{ github.repository }}
+      - name: Login to GHCR
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 3355d38..70b4c08 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -10,9 +10,9 @@ jobs:
     - run: docker version
     - run: cat /proc/cpuinfo
 # test
-    - run: ./hack/translate-dockerfile-runopt-directive.sh < Dockerfile | DOCKER_BUILDKIT=1 docker build -f - -t aind/aind:local .
+    - run: ./hack/translate-dockerfile-runopt-directive.sh < Dockerfile | DOCKER_BUILDKIT=1 docker build -f - -t ghcr.io/aind-containers/aind:local .
     - run: sudo ./hack/install-kmod.sh
-    - run: docker run -td --name aind --privileged -p 5900:5900 -p 8080:8080 -e "WEBMODE=1" -v /lib/modules:/lib/modules:ro aind/aind:local
+    - run: docker run -td --name aind --privileged -p 5900:5900 -p 8080:8080 -e "WEBMODE=1" -v /lib/modules:/lib/modules:ro ghcr.io/aind-containers/aind:local
     - run: timeout 60 sh -exc "until docker exec aind pgrep -f org.anbox.appmgr; do sleep 10; done"
 # diagnosis
     - run: docker exec aind ps -ef
diff --git a/Dockerfile b/Dockerfile
index 69dfa33..fd3d519 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -117,7 +117,7 @@ ADD src/unsudo /usr/local/bin
 ADD src/docker-2ndboot.sh  /home/user
 
 ENV WEBMODE 0
-# Usage: docker run --rm --privileged -v /:/host --entrypoint bash aind/aind -exc "cp -f /install-kmod.sh /host/aind-install-kmod.sh && cd /host && chroot . /aind-install-kmod.sh"
+# Usage: docker run --rm --privileged -v /:/host --entrypoint bash ghcr.io/aind-containers/aind -exc "cp -f /install-kmod.sh /host/aind-install-kmod.sh && cd /host && chroot . /aind-install-kmod.sh"
 ADD hack/install-kmod.sh /
 VOLUME /var/lib/anbox
 ENTRYPOINT ["/docker-entrypoint.sh", "unsudo"]
diff --git a/README.md b/README.md
index 3aa6e9b..7f109eb 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,9 @@ AinD launches Android apps in Docker, by nesting [Anbox](https://anbox.io/) cont
 
 Unlike VM-based similar projects, AinD can be executed on IaaS instances without support for nested virtualization.
 
-Docker Hub: [`aind/aind`](https://hub.docker.com/r/aind/aind)
+GHCR: `ghcr.io/aind-containers/aind`
+
+:warning: Docker Hub image [`aind/aind`](https://hub.docker.com/r/aind/aind) is no longer updated. Please use `ghcr.io/aind-containers/aind` image on GHCR.
 
 ## Purposes
 * Anti-theft (see [FAQ](#faq))
@@ -64,7 +66,7 @@ sudo modprobe binder_linux
 ### Docker
 #### VNC
 ```bash
-docker run -td --name aind --privileged -p 5900:5900 -v /lib/modules:/lib/modules:ro aind/aind
+docker run -td --name aind --privileged -p 5900:5900 -v /lib/modules:/lib/modules:ro ghcr.io/aind-containers/aind
 docker exec aind cat /home/user/.vnc/passwdfile
 ```
 
@@ -79,7 +81,7 @@ If the application manager doesn't shown up on the VNC screen, try `docker run .
 To run the container with [noVNC](https://novnc.com/) support, the environment variable `WEBMODE` can be set with the following command:
 
 ```bash
-docker run -td --name aind --privileged -p 8080:8080 -e "WEBMODE=1" -v /lib/modules:/lib/modules:ro aind/aind
+docker run -td --name aind --privileged -p 8080:8080 -e "WEBMODE=1" -v /lib/modules:/lib/modules:ro ghcr.io/aind-containers/aind
 docker exec aind cat /home/user/.vnc/passwdfile
 ```
 
@@ -184,7 +186,7 @@ aind is expected to be used in conjunction with encryption of the client device,
 * The Anbox patches ([`./src/patches/anbox/*.patch`](./src/patches/anbox)) are licensed under the terms of [the GNU General Public License, Version 3](https://github.com/anbox/anbox/blob/master/COPYING.GPL), corresponding to [Anbox](https://github.com/anbox/anbox) itself.
 
 ### Binary image
-* [The `aind/aind` image on Docker Hub](https://hub.docker.com/r/aind/aind) (built from [`./Dockerfile`](./Dockerfile)) contains the binaries of several free software.
+* The `ghcr.io/aind-containers/aind` image on GitHub Container Registry (built from [`./Dockerfile`](./Dockerfile)) contains the binaries of several free software.
   * Anbox (`/usr/local/bin/anbox`): [the GNU General Public License, Version 3](https://github.com/anbox/anbox/blob/master/COPYING.GPL)
   * Firefox (`/apk-pre.d/fennec-*.apk`): [the Mozilla Public License 2](https://www.mozilla.org/en-US/about/legal/eula/)
   * F-Droid (`/apk-pre.d/FDroid.apk`): [the GNU General Public License, Version 3](https://gitlab.com/fdroid/fdroidclient/-/blob/master/LICENSE)
diff --git a/docker-compose.yml b/docker-compose.yml
index abd24e3..4740954 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 version: '3'
 services:
     aind:
-      image: 'aind/aind'
+      image: 'ghcr.io/aind-containers/aind'
       privileged: true
       tty: true
       environment:
diff --git a/kube/aind.yaml b/kube/aind.yaml
index 7d636ab..557a899 100644
--- a/kube/aind.yaml
+++ b/kube/aind.yaml
@@ -2,7 +2,7 @@
 #
 # See README.md for the clusters known to work with.
 #
-# NOTE: replace "aind/aind:latest" with "aind/aind@sha256:<digest>" for reproducible deployment.
+# NOTE: replace "ghcr.io/aind-containers/aind:latest" with "ghcr.io/aind-containers/aind@sha256:<digest>" for reproducible deployment.
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -22,7 +22,7 @@ spec:
     spec:
       initContainers:
       - name: install-kmod
-        image: aind/aind:latest
+        image: ghcr.io/aind-containers/aind:latest
         command: ["/bin/bash"]
         args: ["-exc", "cp -f /install-kmod.sh /host/tmp/aind-install-kmod.sh && cd /host && chroot . bash /tmp/aind-install-kmod.sh"]
         securityContext:
@@ -34,14 +34,14 @@ spec:
  # Required by anbox session-manager.
  # https://github.com/aind-containers/aind/issues/21 https://github.com/containerd/containerd/issues/3221 https://github.com/moby/moby/issues/24000#issuecomment-613194003
       - name: fix-sandbox-sysfs
-        image: aind/aind:latest
+        image: ghcr.io/aind-containers/aind:latest
         command: ["/bin/bash"]
         args: ["-exc", "mount -o remount,rw /sys"]
         securityContext:
           privileged: true
       containers:
       - name: aind
-        image: aind/aind:latest
+        image: ghcr.io/aind-containers/aind:latest
         tty: true
         securityContext:
           privileged: true