Add GH Actions job to push App images to ACR

.devcontainer/devcontainer.json

@@ -1,7 +1,7 @@
 {
   "name": "Sample Development Environment for CCF",
   "context": "..",
-  "image": "ccfciteam/ccf-app-ci:latest",
+  "image": "ccfmsrc.azurecr.io/ccf-sgx-app-dev:latest",
   "runArgs": [],
   "extensions": ["ms-vscode.cpptools", "ms-python.python"]
 }

.github/workflows/containers.yml

@@ -1,9 +1,13 @@
-name: "Build and Publish Release Containers"
+name: "Build and Publish Release Containers to ACR"
 
 on:
   release:
     types: [published]
 
+env:
+  ACR_REGISTRY: ccfmsrc.azurecr.io
+  ACR_TOKEN_NAME: app-push-token
+
 jobs:
   build:
     name: "Build Containers"
@@ -15,23 +19,23 @@ jobs:
         run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}"
         id: tref
 
-      - name: Build App CI container
-        run: docker build -f docker/app_ci . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t ccfciteam/ccf-app-ci:${{steps.tref.outputs.tag}} -t ccfciteam/ccf-app-ci:latest
+      - name: Build App Dev container
+        run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/ccf-sgx-app-dev:${{steps.tref.outputs.tag}} -t $ACR_REGISTRY/ccf-sgx-app-dev:latest
 
       - name: Build App Run container
-        run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t ccfciteam/ccf-app-run:${{steps.tref.outputs.tag}} -t ccfciteam/ccf-app-run:latest
+        run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/ccf-sgx-app-run:${{steps.tref.outputs.tag}} -t $ACR_REGISTRY/ccf-sgx-app-run:latest
 
       - name: Log in
-        run: docker login -u amchamay -p ${{ secrets.DOCKER_HUB_TOKEN }}
+        run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY
 
-      - name: Push App CI container
-        run: docker push ccfciteam/ccf-app-ci:${{steps.tref.outputs.tag}}
+      - name: Push App Dev container
+        run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:${{steps.tref.outputs.tag}}
 
       - name: Push App Run container
-        run: docker push ccfciteam/ccf-app-run:${{steps.tref.outputs.tag}}
+        run: docker push $ACR_REGISTRY/ccf-sgx-app-run:${{steps.tref.outputs.tag}}
 
-      - name: Push App CI latest container
-        run: docker push ccfciteam/ccf-app-ci:latest
+      - name: Push App Dev latest container
+        run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:latest
 
       - name: Push App Run latest container
-        run: docker push ccfciteam/ccf-app-run:latest
+        run: docker push $ACR_REGISTRY/ccf-sgx-app-run:latest

CHANGELOG.md

@@ -16,7 +16,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
 
 - Upgraded Open Enclave to 0.17.7 (#3815).
-- Added support for ciphers 'ECDHE-RSA-AES256-GCM-SHA384' and 'ECDHE-RSA-AES128-GCM-SHA256' when using TLS 1.2.
+- CCF Docker images are now available through Azure Container Registry rather than Docker Hub (#3821).
+  - The `ccfciteam/ccf-app-run` image is now available at `ccfmsrc.azurecr.io/ccf-sgx-app-run`.
+  - The `ccfciteam/ccf-app-ci` image is now available at `ccfmsrc.azurecr.io/ccf-sgx-app-dev`.
+- Added support for ciphers 'ECDHE-RSA-AES256-GCM-SHA384' and 'ECDHE-RSA-AES128-GCM-SHA256' when using TLS 1.2 (#3822).
 
 ## [2.0.0-rc8]
 

doc/contribute/build_setup.rst

@@ -22,8 +22,8 @@ The quickest way to get started building CCF applications is to use the CCF buil
 
 .. code-block:: bash
 
-    $ docker pull ccfciteam/ccf-app-ci:latest # Latest CCF release
-    $ docker pull ccfciteam/ccf-app-ci:X.YZ   # Specific CCF release
+    $ docker pull ccfmsrc.azurecr.io/ccf-sgx-app-dev:latest # Latest CCF release
+    $ docker pull ccfmsrc.azurecr.io/ccf-sgx-app-dev:X.YZ   # Specific CCF release
 
 The container contains the latest release of CCF along with a complete build toolchain, and startup scripts.
 

doc/operations/run_setup.rst

@@ -16,14 +16,14 @@ Then, to quickly set up the dependencies necessary to start CCF applications, si
 Runtime Container
 -----------------
 
-The ``ccfciteam/ccf-app-run`` container can be run to setup an environment containing the ``cchost`` binary (as per the `latest release of CCF <https://github.com/microsoft/CCF/releases/latest>`_) and the associated dependencies.
+The ``ccfmsrc.azurecr.io/ccf-sgx-app-run`` container can be run to setup an environment containing the ``cchost`` binary (as per the `latest release of CCF <https://github.com/microsoft/CCF/releases/latest>`_) and the associated dependencies.
 
-The pre-built container can be obtained from `ccfciteam/ccf-app-run <https://hub.docker.com/r/ccfciteam/ccf-app-run>`_ on hub.docker.com.
+The pre-built container can be obtained from the ``ccfmsrc.azurecr.io/ccf-sgx-app-dev`` image on Azure Container Registry:
 
 .. code-block:: bash
 
-   $ docker pull ccfciteam/ccf-app-run:latest # Latest CCF release
-   $ docker pull ccfciteam/ccf-app-run:X.YZ   # Specific CCF release
+   $ docker pull ccfmsrc.azurecr.io/ccf-sgx-app-run:latest # Latest CCF release
+   $ docker pull ccfmsrc.azurecr.io/ccf-sgx-app-run:X.YZ   # Specific CCF release
 
 The container does not contain any particular CCF enclave application, and may be helpful when deploying CCF nodes via docker, k8s, etc. It is up to the operator(s) to mount the appropriate CCF enclave application and start and manage the CCF node.
 

docker/README.md

@@ -1,12 +1,12 @@
 # Docker images for CCF
 
 - `app_run`: Builds the image containing all runtime dependencies for CCF, as well as the latest release of CCF (as per https://github.com/microsoft/CCF/releases/latest). To be used by CCF operators.
-- `app_ci`: Builds the image containing all build dependencies for CCF applications. To be used by CCF application developers.
+- `app_dev`: Builds the image containing all build dependencies for CCF applications. To be used by CCF application developers.
 - `ccf_ci`: Builds the image containing all build dependencies for CCF itself. To be used by CCF contributors. It is also used by CCF Continuous Integration pipeline.
 
 To build a given image, run:
 
 ```bash
 $ cd CCF/
-$ docker build -t <tag> -f docker/<app_run|app_ci|ccf_ci> .
+$ docker build -t <tag> -f docker/<app_run|app_dev|ccf_ci> .
 ```

tests/infra/remote_shim.py

@@ -27,6 +27,7 @@ def map_azure_devops_docker_workspace_dir(workspace_dir):
 
 
 # Docker image name prefix
+# To update when runtime images are pushed to ACR
 DOCKER_IMAGE_NAME_PREFIX = "ccfciteam/ccf-app-run"
 
 # Network name