run our docker ci on gha runners directly

Author: ewdurbin

.github/workflows/ci.yml

@@ -14,28 +14,57 @@ concurrency:
   cancel-in-progress: true
 jobs:
   build:
-    if: github.repository == 'pypi/warehouse'
-    runs-on: depot-ubuntu-24.04-arm
+    runs-on: ubuntu-24.04-arm
     outputs:
-      buildId: ${{ steps.build.outputs.build-id}}
+      buildId: ${{ github.run_id }}
     permissions:
-      id-token: write
+      packages: write
     steps:
       - name: Check out repository
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: Set up Depot CLI
-        uses: depot/setup-action@v1
-      - name: Build image
-        id: build
-        uses: depot/build-push-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3 # zizmor: ignore[cache-poisoning]
+      - name: Cache
+        uses: actions/cache@v3 # zizmor: ignore[cache-poisoning]
+        id: cache
         with:
-          save: true
+          path: |
+            var-cache-apt
+            var-lib-apt
+            root-cache-pip
+            root-npm
+          key: cache-${{ hashFiles('Dockerfile') }}
+      - name: inject cache into docker
+        uses: reproducible-containers/[email protected]
+        with:
+          cache-map: |
+            {
+              "var-cache-apt": "/var/cache/apt",
+              "var-lib-apt": "/var/lib/apt",
+              "root-cache-pip": "/root/.cache/pip",
+              "root-npm": "/root/.npm"
+            }
+          skip-extraction: ${{ steps.cache.outputs.cache-hit }}
+      - name: Login To GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          push: true
           build-args: |
             DEVEL=yes
             CI=yes
-          tags: pypi/warehouse:ci-${{ github.run_id }}
+          tags: |
+            ghcr.io/pypi/warehouse:ci-${{ github.run_id }}
   test:
     # Time out if our test suite has gotten hung
     timeout-minutes: 15
@@ -59,13 +88,13 @@ jobs:
             command: bin/licenses
           - name: Translations
             command: bin/translations
-    runs-on: ${{ (matrix.runs_on != null) && matrix.runs_on || 'depot-ubuntu-24.04-arm' }}
+    runs-on: ubuntu-24.04-arm
     container:
-      image: registry.depot.dev/rltf7cln5v:${{ needs.build.outputs.buildId }}
+      image: ghcr.io/pypi/warehouse:ci-${{ needs.build.outputs.buildId }}
       env:
         BILLING_BACKEND: warehouse.subscriptions.services.MockStripeBillingService api_base=http://stripe:12111 api_version=2020-08-27
     permissions:
-      id-token: write
+      packages: read
     services:
       postgres:
         image: ${{ (matrix.name == 'Tests') && 'postgres:16.1' || '' }}
@@ -103,12 +132,12 @@ jobs:
   check_db:
     name: Check Database Consistency
     needs: build
-    runs-on: depot-ubuntu-24.04-arm
+    runs-on: ubuntu-24.04-arm
     continue-on-error: true
     container:
-      image: registry.depot.dev/rltf7cln5v:${{ needs.build.outputs.buildId }}
+      image: ghcr.io/pypi/warehouse:ci-${{ needs.build.outputs.buildId }}
     permissions:
-      id-token: write
+      packages: read
     services:
       postgres:
         image: postgres:16.1