From 9b77ac121fe0191441ab98c21c08fb5b500490c2 Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Sat, 12 Aug 2023 21:27:50 -0400 Subject: [PATCH] images: Build images via `ko` (#165) Signed-off-by: Stephen Augustus --- .github/workflows/presubmits.yml | 6 ++++ .github/workflows/release.yml | 53 ++++++++++++++++++++++++++++++++ .ko.yaml | 14 +++++++++ Dockerfile | 14 --------- magefile.go | 25 ++++++++++++--- 5 files changed, 94 insertions(+), 18 deletions(-) create mode 100644 .github/workflows/release.yml create mode 100644 .ko.yaml delete mode 100644 Dockerfile diff --git a/.github/workflows/presubmits.yml b/.github/workflows/presubmits.yml index 8ce57ac5..0031faa1 100644 --- a/.github/workflows/presubmits.yml +++ b/.github/workflows/presubmits.yml @@ -33,6 +33,12 @@ jobs: version: v1.14.0 args: build + - name: Build images + uses: magefile/mage-action@3b833fb24c0d19eed3aa760b9eb285b4b84f420f # v2.3.0 + with: + version: v1.14.0 + args: buildImagesLocal + verify: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..97764210 --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,53 @@
+name: Release
+
+on:
+ push:
+ branches:
+ - main
+ tags:
+ - v*
+
+env:
+ COSIGN_EXPERIMENTAL: true
+
+jobs:
+ build-image:
+ runs-on: ubuntu-latest
+
+ permissions:
+ id-token: write
+ packages: write
+ contents: read
+
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+ with:
+ egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+
+ - name: Set up Go
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+ with:
+ go-version: 1.19
+ check-latest: true
+
+ - name: Install ko
+ uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
+
+ - name: Install cosign
+ uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
+
+ - name: Log into ghcr.io
+ uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build images
+ uses: magefile/mage-action@3b833fb24c0d19eed3aa760b9eb285b4b84f420f # v2.3.0
+ with:
+ version: v1.14.0
+ args: buildImages
diff --git a/.ko.yaml b/.ko.yaml
new file mode 100644
index 00000000..505e59e0
--- /dev/null
+++ b/.ko.yaml
@@ -0,0 +1,14 @@
+---
+defaultBaseImage: cgr.dev/chainguard/static
+
+builds:
+ - id: gh-jira-issue-sync
+ dir: .
+ main: ./main.go
+ env:
+ - CGO_ENABLED=0
+ flags:
+ - -trimpath
+ ldflags:
+ - -extldflags "-static"
+ - "{{ .Env.GHJIRA_LDFLAGS }}"
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 6d655dd3..00000000
--- a/Dockerfile
+++ /dev/null
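Review bot: The Harden Runner step in the `build-image` job of release.yml runs with `egress-policy: audit`, so outbound traffic is only logged while the job holds `id-token: write` and `packages: write` and publishes (and, given the cosign install, presumably signs) the release image. For the release path the TODO should get an owner or a date: after the first runs, switch to `egress-policy: block` with an `allowed-endpoints` list taken from the audit output. The `actions/checkout` step keeps its default credential persistence; `with: persist-credentials: false` fits here unless a later step needs to push with git. `go-version: 1.19` is better written as `go-version: '1.19'`, so that a later bump to 1.20 is not read by YAML as the number 1.2.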
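Review bot: `defaultBaseImage: cgr.dev/chainguard/static` in .ko.yaml floats on the default tag, so two builds of the same commit can land on different base layers. Pinning it as `defaultBaseImage: cgr.dev/chainguard/static@sha256:<digest>` (placeholder, to be resolved when pinning) makes the release image reproducible and turns base updates into reviewable diffs. The removed Dockerfile pinned only its build stage by digest, so this is not a regression. The `{{ .Env.GHJIRA_LDFLAGS }}` entry depends on a variable set outside this file; a one-line comment above it naming the mage target that exports it would help, and it is worth confirming how ko renders the template when the variable is unset.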
@@ -1,14 +0,0 @@ -FROM cgr.dev/chainguard/go:1.21@sha256:5b38eade1728ebe11473c832176e080e4baae756ef1f324e6712075b26bf111c as build - -COPY . . -RUN CGO_ENABLED=0 go build . - -FROM cgr.dev/chainguard/static - -COPY --from=build gh-jira-issue-sync /bin/gh-jira-issue-sync - -COPY config.json /etc/config.json - -ENTRYPOINT ["/bin/gh-jira-issue-sync"] - -CMD ["--config", "/etc/config.json"] diff --git a/magefile.go b/magefile.go index d35732e4..28191616 100644 --- a/magefile.go +++ b/magefile.go @@ -34,9 +34,12 @@ import ( var Default = Verify const ( - binDir = "bin" - moduleName = "github.com/uwu-tools/gh-jira-issue-sync" - scriptDir = "scripts" + binDir = "bin" + scriptDir = "scripts" + + // Module variables. + orgName = "uwu-tools" + toolName = "gh-jira-issue-sync" // Versions. golangciVersion = "v1.50.1" @@ -51,6 +54,20 @@ const ( coverProfileFilename = "unit-coverage.out" ) +var ( + moduleName = fmt.Sprintf( + "github.com/%s/%s", + orgName, + toolName, + ) + + koDockerRepo = fmt.Sprintf( + "ghcr.io/%s/%s", + orgName, + toolName, + ) +) + // All runs all targets for this repository func All() error { if err := Verify(); err != nil { @@ -177,7 +194,7 @@ func BuildBinariesSnapshot() error { ) } -// BuildImages build bom image using ko +// BuildImages build image using ko func BuildImages() error { fmt.Println("Building images with ko...")
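Review bot: In the new `var ( … )` block of the `@@ -51,6 +54,20 @@` hunk in magefile.go, `moduleName` changes from a constant to a mutable package-level variable built with `fmt.Sprintf`, and `koDockerRepo` is added the same way, although both only concatenate the constants `orgName` and `toolName`. They can stay in the `const` block as `moduleName = "github.com/" + orgName + "/" + toolName` and `koDockerRepo = "ghcr.io/" + orgName + "/" + toolName`, which keeps them immutable and evaluated at compile time. The push target is fixed to the `uwu-tools` org while the release workflow logs in as `github.repository_owner`, so a run from a repository under another owner would presumably authenticate as one owner and push to another. A comment on `koDockerRepo` such as `// koDockerRepo is the registry path ko pushes to; fixed to the upstream org.` would make that explicit. The body of `All()` continues outside this hunk.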