-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: goreleaser, multi platform build, cosign (#167)
- Loading branch information
1 parent
ed8a368
commit 65271fa
Showing
10 changed files
with
207 additions
and
131 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
name: release | ||
|
||
on: | ||
push: | ||
tags: | ||
- v*.*.* # stable release, v0.0.1 | ||
- v*.*.*-pre.* # pre-release, v0.0.1-pre.calendardate | ||
|
||
permissions: | ||
contents: write | ||
packages: write | ||
id-token: write # needed for signing the images with GitHub OIDC Token | ||
|
||
jobs: | ||
release: | ||
runs-on: ubuntu-22.04 | ||
steps: | ||
- name: Set up QEMU # required for multi architecture build - https://goreleaser.com/cookbooks/multi-platform-docker-images/?h=multi#other-things-to-pay-attention-to | ||
uses: docker/setup-qemu-action@v2 | ||
|
||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 # required for changelog to work properly - https://github.com/goreleaser/goreleaser-action#usage | ||
submodules: true | ||
|
||
- name: Install NodeJS | ||
uses: actions/setup-node@v3 | ||
with: | ||
node-version: '17' | ||
|
||
- name: Build argo-watcher UI | ||
run: make build-ui | ||
|
||
- name: Install Cosign | ||
uses: sigstore/[email protected] | ||
|
||
- name: Install Syft for SBOM Generation | ||
uses: anchore/sbom-action@v0 | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: go.mod | ||
|
||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@v2 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Run GoReleaser for stable release | ||
uses: goreleaser/goreleaser-action@v4 | ||
if: (!contains(github.ref, 'pre')) | ||
with: | ||
version: v1.19.2 | ||
args: release --clean | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Run GoReleaser for pre-release | ||
uses: goreleaser/goreleaser-action@v4 | ||
if: contains(github.ref, 'pre') | ||
with: | ||
version: v1.19.2 | ||
args: release --clean | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
GORELEASER_CURRENT_TAG: ${{ steps.changelog.outputs.RELEASE_TAG }} | ||
|
||
- name: Update helm chart | ||
uses: shini4i/helm-charts-updater@v1 | ||
if: startsWith(github.ref, 'refs/tags/v') | ||
with: | ||
github_token: ${{ secrets.GH_TOKEN }} | ||
gh_user: shini4i | ||
gh_repo: charts | ||
chart_name: argo-watcher | ||
app_version: ${{ github.ref_name }} | ||
update_chart_annotations: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -23,3 +23,6 @@ bin/ | |
# dynamicly generated files | ||
cmd/argo-watcher/docs | ||
cmd/argo-watcher/mock | ||
|
||
# goreleaser | ||
dist/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
before: | ||
hooks: | ||
- make install-deps docs mocks | ||
- go mod tidy | ||
|
||
builds: | ||
- id: argo-watcher | ||
main: ./cmd/argo-watcher | ||
env: | ||
- CGO_ENABLED=0 | ||
goos: | ||
- linux | ||
goarch: | ||
- amd64 | ||
- arm64 | ||
|
||
dockers: | ||
- image_templates: | ||
- 'ghcr.io/shini4i/{{.ProjectName}}:{{ .Tag }}-amd64' | ||
use: buildx | ||
build_flag_templates: | ||
- "--pull" | ||
- "--platform=linux/amd64" | ||
- "--label=org.opencontainers.image.created={{.Date}}" | ||
- "--label=org.opencontainers.image.title={{.ProjectName}}" | ||
- "--label=org.opencontainers.image.revision={{.FullCommit}}" | ||
- "--label=org.opencontainers.image.version={{.Version}}" | ||
- "--label=org.opencontainers.image.licenses=MIT" | ||
goos: linux | ||
goarch: amd64 | ||
extra_files: | ||
- web/build | ||
- image_templates: | ||
- 'ghcr.io/shini4i/{{.ProjectName}}:{{ .Tag }}-arm64' | ||
use: buildx | ||
build_flag_templates: | ||
- "--pull" | ||
- "--platform=linux/arm64" | ||
- "--label=org.opencontainers.image.created={{.Date}}" | ||
- "--label=org.opencontainers.image.title={{.ProjectName}}" | ||
- "--label=org.opencontainers.image.revision={{.FullCommit}}" | ||
- "--label=org.opencontainers.image.version={{.Version}}" | ||
- "--label=org.opencontainers.image.licenses=MIT" | ||
goos: linux | ||
goarch: arm64 | ||
extra_files: | ||
- web/build | ||
|
||
docker_manifests: | ||
- name_template: 'ghcr.io/shini4i/{{.ProjectName}}:{{ .Tag }}' | ||
image_templates: | ||
- 'ghcr.io/shini4i/{{.ProjectName}}:{{ .Tag }}-amd64' | ||
- 'ghcr.io/shini4i/{{.ProjectName}}:{{ .Tag }}-arm64' | ||
|
||
archives: | ||
- format: tar.gz | ||
name_template: "{{ .ProjectName }}_{{ .Tag }}_{{ .Os }}_{{ .Arch }}" | ||
|
||
sboms: | ||
- artifacts: archive | ||
|
||
signs: | ||
- cmd: cosign | ||
certificate: "${artifact}.pem" | ||
output: true | ||
artifacts: checksum | ||
args: | ||
- "sign-blob" | ||
- "--output-certificate=${certificate}" | ||
- "--output-signature=${signature}" | ||
- "${artifact}" | ||
- "--yes" | ||
|
||
docker_signs: | ||
- cmd: cosign | ||
artifacts: manifests | ||
args: | ||
- "sign" | ||
- "${artifact}@${digest}" | ||
- "--yes" | ||
|
||
checksum: | ||
name_template: 'checksums.txt' | ||
|
||
snapshot: | ||
name_template: "{{ incpatch .Version }}-next" | ||
|
||
changelog: | ||
use: | ||
github-native | ||
|
||
release: | ||
prerelease: auto | ||
draft: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,11 @@ | ||
FROM alpine:3.18 | ||
|
||
COPY ./bin/argo-watcher /argo-watcher | ||
COPY ./web/build /static | ||
COPY argo-watcher /argo-watcher | ||
COPY web/build /static | ||
|
||
RUN addgroup -S argo-watcher && adduser -S argo-watcher -G argo-watcher | ||
RUN apk add --no-cache ca-certificates | ||
|
||
COPY db /db | ||
|
||
USER argo-watcher | ||
|
||
CMD ["/argo-watcher", "-server"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.