From 7b7d16d4e13b7df9cf966299c65ec8d2f7087560 Mon Sep 17 00:00:00 2001
From: Daniel Salazar
Date: Tue, 25 Apr 2023 16:31:36 -0500
Subject: [PATCH] feat(build): #1064 sign arm containers
- Sign containers as they are deploying now
- Use smaller buildjet machines
- Update container registry references
- Update pipeline builtin to support images
Signed-off-by: Daniel Salazar
---
 .github/workflows/prod.yml | 4 ++--
 docs/src/getting-started.md | 4 ++--
 makes.nix | 4 ++--
 src/evaluator/modules/pipelines/default.nix | 7 ++++++-
 test/pipelines/.gitlab-ci.yaml | 4 ++--
 5 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml
index 89a407e8..38dc3342 100644
--- a/.github/workflows/prod.yml
+++ b/.github/workflows/prod.yml
@@ -19,7 +19,7 @@ jobs:
 args: sh -c "nix-env -if . && m . /deployContainerImage/makesLatestAmd64"
 deployContainerImage_makesLatestArm64:
 if: ${{ github.repository == 'fluidattacks/makes' }}
- runs-on: buildjet-4vcpu-ubuntu-2204-arm
+ runs-on: buildjet-2vcpu-ubuntu-2204-arm
 permissions:
 packages: write
 id-token: write
@@ -49,7 +49,7 @@ jobs:
 args: sh -c "nix-env -if . && m . /deployContainerImage/makesPinnedAmd64"
 deployContainerImage_makesPinnedArm64:
 if: ${{ github.repository == 'fluidattacks/makes' }}
- runs-on: buildjet-4vcpu-ubuntu-2204-arm
+ runs-on: buildjet-2vcpu-ubuntu-2204-arm
 permissions:
 packages: write
 id-token: write
diff --git a/docs/src/getting-started.md b/docs/src/getting-started.md
index eaf6ac7a..54592bea 100644
--- a/docs/src/getting-started.md
+++ b/docs/src/getting-started.md
@@ -85,7 +85,7 @@ Example:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
- uses: docker://ghcr.io/fluidattacks/makes:23.04
+ uses: docker://ghcr.io/fluidattacks/makes/amd64:23.04
 name: helloWorld
 with:
 args: m . /helloWorld 1 2 3
@@ -96,7 +96,7 @@ Example:
 ```yaml
 # .gitlab-ci.yml
 /helloWorld:
- image: ghcr.io/fluidattacks/makes:23.04
+ image: ghcr.io/fluidattacks/makes/amd64:23.04
 script:
 - m . /helloWorld 1 2 3
 ```
diff --git a/makes.nix b/makes.nix
index 4406ab12..33278ca6 100644
--- a/makes.nix
+++ b/makes.nix
@@ -44,7 +44,7 @@
 };
 registry = "ghcr.io";
 src = outputs."/container-image";
- sign = false;
+ sign = true;
 tag = "fluidattacks/makes/arm64:latest";
 };
 makesPinnedAmd64 = {
@@ -66,7 +66,7 @@
 };
 registry = "ghcr.io";
 src = outputs."/container-image";
- sign = false;
+ sign = true;
 tag = "fluidattacks/makes/arm64:23.04";
 };
 };
diff --git a/src/evaluator/modules/pipelines/default.nix b/src/evaluator/modules/pipelines/default.nix
index 4e216e97..55527a64 100644
--- a/src/evaluator/modules/pipelines/default.nix
+++ b/src/evaluator/modules/pipelines/default.nix
@@ -32,6 +32,10 @@
 default = {};
 type = lib.types.attrsOf lib.types.anything;
 };
+ image = lib.mkOption {
+ default = "ghcr.io/fluidattacks/makes/amd64:23.04";
+ type = lib.types.str;
+ };
 output = lib.mkOption {
 type = lib.types.str;
 };
@@ -86,13 +90,14 @@
 args,
 gitDepth,
 gitlabExtra,
+ image,
 output,
 ...
 }: {
 name = toJobName output args;
 value = attrsMerge [
 {
- image = "ghcr.io/fluidattacks/makes:23.04";
+ inherit image;
 interruptible = true;
 needs = [];
 script =
diff --git a/test/pipelines/.gitlab-ci.yaml b/test/pipelines/.gitlab-ci.yaml
index c56d09f6..820d2a40 100644
--- a/test/pipelines/.gitlab-ci.yaml
+++ b/test/pipelines/.gitlab-ci.yaml
@@ -1,5 +1,5 @@
 /helloWorld__1__2__3:
- image: ghcr.io/fluidattacks/makes:23.04
+ image: ghcr.io/fluidattacks/makes/amd64:23.04
 interruptible: true
 needs: []
 script:
@@ -8,7 +8,7 @@
 GIT_DEPTH: 1
 MAKES_GIT_DEPTH: 1
 /lintNix:
- image: ghcr.io/fluidattacks/makes:23.04
+ image: ghcr.io/fluidattacks/makes/amd64:23.04
 interruptible: true
 needs: []
 script:
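Review bot: The two `sign = true;` lines in makes.nix (the `arm64:latest` entry in the first hunk and the `arm64:23.04` entry in the second) carry no comment on what signing depends on, and that dependency sits in another file: the arm64 deploy jobs in prod.yml grant `id-token: write`, which is presumably what the signing step consumes. I would add `# signing needs id-token: write on the matching deploy job in .github/workflows/prod.yml` above each line so the permission is not trimmed later without anyone noticing the effect. Both tags are mutable, and an image signature normally binds to the pushed digest rather than to the tag name, so the getting-started examples that still pull by tag gain nothing unless consumers verify the signature and pin the digest; one sentence in the docs would cover that. Both attribute sets begin outside their hunks, so the remaining fields were not reviewed.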
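Review bot: The new `image` option in src/evaluator/modules/pipelines/default.nix is declared without a `description`, and its default repeats the literal `ghcr.io/fluidattacks/makes/amd64:23.04`, a mutable tag whose version also appears in the makes.nix tags, so a release bump has to touch several files. I would add `description = "Container image for the generated GitLab job; a tag or a digest reference.";` and state there that the default is amd64-only and that a `registry/repo@sha256:<digest>` value (placeholder) pins the job to one specific build. `lib.types.str` also accepts the empty string, which would be passed through `inherit image;` into the generated job unchanged; `lib.types.nonEmptyStr` would reject it at evaluation time if the pinned nixpkgs provides it. The function in the second hunk continues past the last visible line (`script =`), so how `gitlabExtra` may override `image` in the merge cannot be judged from here.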