WIP Goreleaser
thardeck committed Jan 23, 2025
1 parent 52e43c9 commit f3ca728
Showing 3 changed files with 180 additions and 77 deletions.
61 changes: 14 additions & 47 deletions .github/workflows/release-fleet.yml
Expand Up @@ -21,16 +21,6 @@ jobs:
build-fleet:
runs-on: runs-on,runner=8cpu-linux-x64,mem=16,run-id=${{ github.run_id }}

strategy:
matrix:
include:
# - arm64 manifest
#- tag-suffix: "-arm64"
# platforms: linux/arm64
# - amd64 manifest
- tag-suffix: "-amd64"
platforms: linux/amd64

env:
IS_HOTFIX: ${{ contains(github.ref, '-hotfix-ch-') }}
REGISTRY: "${{ contains(github.ref, '-hotfix-ch-') && 'stgregistry.suse.com' || 'docker.io' }}"
Expand Down Expand Up @@ -60,6 +50,9 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Install Cosign
uses: sigstore/[email protected]

- name: "Read Vault Secrets"
uses: rancher-eio/read-vault-secrets@main
with:
Expand All @@ -68,6 +61,9 @@ jobs:
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials username | STAGE_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials password | STAGE_REGISTRY_PASSWORD ;
secret/data/github/repo/${{ github.repository}}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository}}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY;
- name: Log into Docker Container registry
uses: docker/login-action@v3
Expand All @@ -84,6 +80,13 @@ jobs:
password: ${{ env.STAGE_REGISTRY_PASSWORD }}
registry: ${{ env.REGISTRY }}

- name: Log into Prime registry
uses: docker/login-action@v3
with:
username: ${{ env.PRIME_REGISTRY_USERNAME }}
password: ${{ env.PRIME_REGISTRY_PASSWORD }}
registry: ${{ env.PRIME_REGISTRY }}

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
id: goreleaser
Expand All @@ -94,44 +97,8 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_CURRENT_TAG: "v0.12.0-alpha.0"
PRIME_REGISTRY: ${{ env.PRIME_REGISTRY }}

- name: "Read Prime Vault Secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository}}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository}}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY;
- name: Publish Fleet Prime Image
uses: rancher/ecm-distro-tools/actions/publish-image@master
with:
image: fleet
tag: ${{ github.ref_name }}${{ matrix.tag-suffix }}
platforms: ${{ matrix.platforms }}
make-target: push-image

push-to-public: false

prime-registry: ${{ env.PRIME_REGISTRY }}
prime-repo: rancher
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}

- name: Publish Fleet Agent Prime Image
uses: rancher/ecm-distro-tools/actions/publish-image@master
with:
image: fleet-agent
tag: ${{ github.ref_name }}${{ matrix.tag-suffix }}
platforms: ${{ matrix.platforms }}
make-target: push-image-agent

push-to-public: false

prime-registry: ${{ env.PRIME_REGISTRY }}
prime-repo: rancher
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}
- name: Upload charts to release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
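Review bot: The consolidated "Read Vault Secrets" step now exports the Prime registry credentials into the job environment before GoReleaser runs, so every later step can read them, and the actions in this job are referenced by mutable refs (`rancher-eio/read-vault-secrets@main`, `docker/login-action@v3`, `goreleaser/goreleaser-action@v6`, and the cosign installer, whose ref is obscured on this page but appears to be a version tag). Pinning each to a full commit SHA, for example `uses: docker/login-action@<full-commit-sha> # v3` (placeholder, not a real hash), keeps a moved tag or branch from running unreviewed code next to the DockerHub, staging and Prime passwords. The keyless `cosign sign` configured in `.goreleaser.yaml` also needs the job to grant `id-token: write`; the job's `permissions` block is outside the visible hunks, so that should be confirmed. The job's step list continues outside these hunks.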
166 changes: 166 additions & 0 deletions .goreleaser.yaml
Expand Up @@ -88,6 +88,7 @@ dockers:
# fleet-controller images
-
use: buildx
id: fleet-amd64-public

# GOOS of the built binaries/packages that should be used.
goos: linux
Expand Down Expand Up @@ -121,6 +122,7 @@ dockers:
extra_files: [ "package/log.sh" ]
-
use: buildx
id: fleet-arm64-public
goos: linux
goarch: arm64
ids:
Expand All @@ -143,6 +145,7 @@ dockers:
# fleet-agent images
-
use: buildx
id: fleet-agent-amd64-public
goos: linux
goarch: amd64
ids:
Expand All @@ -162,6 +165,7 @@ dockers:
- "--platform=linux/amd64"
-
use: buildx
id: fleet-agent-arm64-public
goos: linux
goarch: arm64
ids:
Expand All @@ -180,14 +184,176 @@ dockers:
- "--build-arg=BUILD_ENV=goreleaser"
- "--platform=linux/arm64/v8"

# fleet-controller images
-
use: buildx
id: fleet-amd64-private

# GOOS of the built binaries/packages that should be used.
goos: linux

# GOARCH of the built binaries/packages that should be used.
goarch: amd64

# IDs to filter the binaries/packages.
ids:
- fleet-controller
- fleet-cli

# Templates of the Docker image names.
image_templates:
- "{{ .Env.PRIME_REGISTRY }}/rancher/fleet:{{ .Tag }}-linux-amd64"

# Path to the Dockerfile (from the project root).
dockerfile: package/Dockerfile

# Template of the docker build flags.
build_flag_templates:
- "--pull"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.source=https://github.com/rancher/fleet"
- "--sbom=true"
- "--attest type=provenance,mode=max"
- "--build-arg=ARCH=amd64"
- "--build-arg=BUILD_ENV=goreleaser"
- "--platform=linux/amd64"
extra_files: [ "package/log.sh" ]
-
use: buildx
id: fleet-arm64-private
goos: linux
goarch: arm64
ids:
- fleet-controller
- fleet-cli
image_templates:
- "{{ .Env.PRIME_REGISTRY }}/rancher/fleet:{{ .Tag }}-linux-arm64"
dockerfile: package/Dockerfile
build_flag_templates:
- "--pull"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.source=https://github.com/rancher/fleet"
- "--sbom=true"
- "--attest type=provenance,mode=max"
- "--build-arg=ARCH=arm64"
- "--build-arg=BUILD_ENV=goreleaser"
- "--platform=linux/arm64/v8"
extra_files: [ "package/log.sh" ]
# fleet-agent images
-
use: buildx
id: fleet-agent-amd64-private
goos: linux
goarch: amd64
ids:
- fleet-agent
image_templates:
- "{{ .Env.PRIME_REGISTRY }}/rancher/fleet-agent:{{ .Tag }}-linux-amd64"
dockerfile: package/Dockerfile.agent
build_flag_templates:
- "--pull"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.source=https://github.com/rancher/fleet"
- "--sbom=true"
- "--attest type=provenance,mode=max"
- "--build-arg=ARCH=amd64"
- "--build-arg=BUILD_ENV=goreleaser"
- "--platform=linux/amd64"
-
use: buildx
id: fleet-agent-arm64-private
goos: linux
goarch: arm64
ids:
- fleet-agent
image_templates:
- "{{ .Env.PRIME_REGISTRY }}/rancher/fleet-agent:{{ .Tag }}-linux-arm64"
dockerfile: package/Dockerfile.agent
build_flag_templates:
- "--pull"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.source=https://github.com/rancher/fleet"
- "--sbom=true"
- "--attest type=provenance,mode=max"
- "--build-arg=ARCH=arm64"
- "--build-arg=BUILD_ENV=goreleaser"
- "--platform=linux/arm64/v8"

docker_manifests:
# https://goreleaser.com/customization/docker_manifest/
- name_template: "{{ .Env.REGISTRY }}/rancher/fleet:{{ .Tag }}"
id: fleet-manifest-public
image_templates:
- "{{ .Env.REGISTRY }}/rancher/fleet:{{ .Tag }}-linux-amd64"
- "{{ .Env.REGISTRY }}/rancher/fleet:{{ .Tag }}-linux-arm64"

- name_template: "{{ .Env.PRIME_REGISTRY }}/rancher/fleet:{{ .Tag }}"
id: fleet-manifest-private
image_templates:
- "{{ .Env.PRIME_REGISTRY }}/rancher/fleet:{{ .Tag }}-linux-amd64"
- "{{ .Env.PRIME_REGISTRY }}/rancher/fleet:{{ .Tag }}-linux-arm64"

- name_template: "{{ .Env.REGISTRY }}/rancher/fleet-agent:{{ .Tag }}"
id: fleet-agent-manifest-public
image_templates:
- "{{ .Env.REGISTRY }}/rancher/fleet-agent:{{ .Tag }}-linux-amd64"
- "{{ .Env.REGISTRY }}/rancher/fleet-agent:{{ .Tag }}-linux-arm64"

- name_template: "{{ .Env.PRIME_REGISTRY }}/rancher/fleet-agent:{{ .Tag }}"
id: fleet-agent-manifest-private
image_templates:
- "{{ .Env.PRIME_REGISTRY }}/rancher/fleet-agent:{{ .Tag }}-linux-amd64"
- "{{ .Env.PRIME_REGISTRY }}/rancher/fleet-agent:{{ .Tag }}-linux-arm64"

docker_signs:
- # ID of the sign config, must be unique.
# Only relevant if you want to produce some sort of signature file.
#
# Default: 'default'.
id: prime

# Path to the signature command.
#
# Default: 'cosign'.
cmd: cosign

# Command line arguments for the command.
#
# Default: ["sign", "--key=cosign.key", "${artifact}", "--yes"].
# Templates: allowed.
args:
- "sign"
- "--oidc-provider=github-actions"
- "--yes" # needed on cosign 2.0.0+
- "${artifact}"

# Which artifacts to sign.
#
# all: all artifacts
# none: no signing
# images: only docker images
# manifests: only docker manifests
#
# Default: 'none'.
artifacts: all

# IDs of the artifacts to sign.
ids:
- fleet-amd64-private
- fleet-arm64-private
- fleet-agent-amd64-private
- fleet-agent-arm64-private
- fleet-manifest-private
- fleet-agent-manifest-private
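Review bot: The `docker_signs` entry passes `${artifact}` to `cosign sign`, which is the image reference by tag, so the signature is bound to whatever that tag resolves to at signing time rather than to the exact image GoReleaser just pushed. GoReleaser can hand the pushed digest to this command, so the last argument could be `- "${artifact}@${digest}"`, provided the GoReleaser version in use supports that variable. Because no `--key` is given this is keyless signing, and a short comment above `args` naming the expected certificate identity and OIDC issuer would tell consumers what to pin when they run `cosign verify`. The four `*-private` entries under `dockers` repeat the public ones with only the registry changed, and the `dockers` list itself begins before this hunk.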
30 changes: 0 additions & 30 deletions Makefile

This file was deleted.
