From 2e47b76d4cdcebb8add4493027088ee00db65f6e Mon Sep 17 00:00:00 2001 From: jillianwilson Date: Tue, 20 Apr 2021 16:13:29 -0300 Subject: [PATCH 1/7] Github action for building Go binaries for new release --- .github/workflows/release.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..3c97636 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,29 @@ +name: goreleaser + +on: + push: + tags: + - '*' + +jobs: + goreleaser: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - + name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: 1.15 + - + name: Run GoReleaser + uses: goreleaser/goreleaser-action@v2 + with: + version: latest + args: release --rm-dist + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From b2565cebf823c0566c8f36f8d468bfc22d20eac5 Mon Sep 17 00:00:00 2001 From: Joris Coenen Date: Wed, 21 Apr 2021 13:45:49 +0200 Subject: [PATCH 2/7] Add GoReleaser configuration for publishing docker images Should build both an amd64 and arm64 image and combine both in a single manifest. Does require some modifications to the GitHub Actions to correctly push to DockerHub. Used this blog post as inspiration: https://carlosbecker.com/posts/multi-platform-docker-images-goreleaser-gh-actions/ --- .goreleaser.yml | 55 +++++++++++++++++++++++++++++++++++++++++++ Dockerfile-goreleaser | 9 +++++++ 2 files changed, 64 insertions(+) create mode 100644 .goreleaser.yml create mode 100644 Dockerfile-goreleaser diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 0000000..6e84a21 --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,55 @@ +project_name: onepassword-operator +builds: + - env: + - CGO_ENABLED=0 + binary: manager + main: ./cmd/manager/main.go + flags: + - -mod=vendor + - -trimpath + ldflags: + - -s -w -X "github.com/1Password/onepassword-operator/version.Version={{ .Version }}" + mod_timestamp: '{{ .CommitTimestamp }}' + goos: + - linux + goarch: + - amd64 + - arm64 +dockers: + - image_templates: ["1password/{{ .ProjectName }}:{{ .Version }}-amd64"] + goos: linux + goarch: amd64 + dockerfile: Dockerfile-goreleaser + use_buildx: true + extra_files: + - deploy/connect/ + build_flag_templates: + - --platform=linux/amd64 + - --label=org.opencontainers.image.title={{ .ProjectName }} + - --label=org.opencontainers.image.description={{ .ProjectName }} + - --label=org.opencontainers.image.url=https://github.com/1Password/onepassword-operator + - --label=org.opencontainers.image.source=https://github.com/1Password/onepassword-operator + - --label=org.opencontainers.image.version={{ .Version }} + - --label=org.opencontainers.image.revision={{ .FullCommit }} + - --label=org.opencontainers.image.licenses=MIT + - image_templates: ["1password/{{ .ProjectName }}:{{ .Version }}-arm64v8"] + goos: linux + goarch: arm64 + dockerfile: Dockerfile-goreleaser + use_buildx: true + extra_files: + - deploy/connect/ + build_flag_templates: + - --platform=linux/arm64/v8 + - --label=org.opencontainers.image.title={{ .ProjectName }} + - --label=org.opencontainers.image.description={{ .ProjectName }} + - --label=org.opencontainers.image.url=https://github.com/1Password/onepassword-operator + - --label=org.opencontainers.image.source=https://github.com/1Password/onepassword-operator + - --label=org.opencontainers.image.version={{ .Version }} + - --label=org.opencontainers.image.revision={{ .FullCommit }} + - --label=org.opencontainers.image.licenses=MIT +docker_manifests: + - name_template: 1password/{{ .ProjectName }}:{{ .Version }} + image_templates: + - 1password/{{ .ProjectName }}:{{ .Version }}-amd64 + - 1password/{{ .ProjectName }}:{{ .Version }}-arm64v8 diff --git a/Dockerfile-goreleaser b/Dockerfile-goreleaser new file mode 100644 index 0000000..b4587a7 --- /dev/null +++ b/Dockerfile-goreleaser @@ -0,0 +1,9 @@ +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY ./manager . +USER nonroot:nonroot +COPY deploy/connect/ deploy/connect/ + +ENTRYPOINT ["/manager"] From b53e017b7708d49abbe3e2883856a65327a92bee Mon Sep 17 00:00:00 2001 From: Joris Coenen Date: Wed, 21 Apr 2021 18:41:30 +0200 Subject: [PATCH 3/7] GitHub Action steps for publishing images to DockerHub --- .github/workflows/release.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3c97636..990afa4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,12 +8,26 @@ on: jobs: goreleaser: runs-on: ubuntu-latest + env: + DOCKER_CLI_EXPERIMENTAL: "enabled" steps: - name: Checkout uses: actions/checkout@v2 with: fetch-depth: 0 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Docker Login + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Go uses: actions/setup-go@v2 From e8e01d6578a5030d8074a6b2b5408b8c5dfc9f1a Mon Sep 17 00:00:00 2001 From: Joris Coenen Date: Wed, 21 Apr 2021 19:06:13 +0200 Subject: [PATCH 4/7] Also push :latest tag --- .goreleaser.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.goreleaser.yml b/.goreleaser.yml index 6e84a21..bac40e5 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -53,3 +53,7 @@ docker_manifests: image_templates: - 1password/{{ .ProjectName }}:{{ .Version }}-amd64 - 1password/{{ .ProjectName }}:{{ .Version }}-arm64v8 + - name_template: 1password/{{ .ProjectName }}:latest + image_templates: + - 1password/{{ .ProjectName }}:{{ .Version }}-amd64 + - 1password/{{ .ProjectName }}:{{ .Version }}-arm64v8 From 9e8f6210209a909a92f2995894bec2bd269f5a4d Mon Sep 17 00:00:00 2001 From: Joris Coenen Date: Fri, 23 Apr 2021 18:40:15 +0200 Subject: [PATCH 5/7] Use docker buildx for building and pushing images This has the benefit that every tag only shows up as one image. With goreleaser, multiple images were shipped --- .github/workflows/release.yml | 37 +++++++++++++++++++++++------------ Dockerfile | 2 -- 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 990afa4..2f3395c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,9 +1,9 @@ -name: goreleaser +name: release on: push: tags: - - '*' + - 'v*' jobs: goreleaser: @@ -16,6 +16,18 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 0 + - + name: Docker meta + id: meta + uses: crazy-max/ghaction-docker-meta@v2 + with: + images: | + 1password/onepassword-operator + # Publish image for x.y.z and x.y + # The latest tag is automatically added for semver tags + tags: | + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} - name: Set up QEMU uses: docker/setup-qemu-action@v1 @@ -29,15 +41,14 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Set up Go - uses: actions/setup-go@v2 + name: Build and push + uses: docker/build-push-action@v2 with: - go-version: 1.15 - - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v2 - with: - version: latest - args: release --rm-dist - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + context: . + file: Dockerfile + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + operator_version=${{ github.event.ref }} diff --git a/Dockerfile b/Dockerfile index 5d1df61..ce8e25f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,8 +14,6 @@ COPY vendor/ vendor/ # Build ARG operator_version=dev RUN CGO_ENABLED=0 \ - GOOS=linux \ - GOARCH=amd64 \ GO111MODULE=on \ go build \ -ldflags "-X version.Version=$operator_version" \ From d0c1235e581a2adb075c8ffaf0a3222fd973e4ec Mon Sep 17 00:00:00 2001 From: Joris Coenen Date: Fri, 23 Apr 2021 18:45:06 +0200 Subject: [PATCH 6/7] Remove obsoleted goreleaser files --- .goreleaser.yml | 59 ------------------------------------------- Dockerfile-goreleaser | 9 ------- 2 files changed, 68 deletions(-) delete mode 100644 .goreleaser.yml delete mode 100644 Dockerfile-goreleaser diff --git a/.goreleaser.yml b/.goreleaser.yml deleted file mode 100644 index bac40e5..0000000 --- a/.goreleaser.yml +++ /dev/null @@ -1,59 +0,0 @@ -project_name: onepassword-operator -builds: - - env: - - CGO_ENABLED=0 - binary: manager - main: ./cmd/manager/main.go - flags: - - -mod=vendor - - -trimpath - ldflags: - - -s -w -X "github.com/1Password/onepassword-operator/version.Version={{ .Version }}" - mod_timestamp: '{{ .CommitTimestamp }}' - goos: - - linux - goarch: - - amd64 - - arm64 -dockers: - - image_templates: ["1password/{{ .ProjectName }}:{{ .Version }}-amd64"] - goos: linux - goarch: amd64 - dockerfile: Dockerfile-goreleaser - use_buildx: true - extra_files: - - deploy/connect/ - build_flag_templates: - - --platform=linux/amd64 - - --label=org.opencontainers.image.title={{ .ProjectName }} - - --label=org.opencontainers.image.description={{ .ProjectName }} - - --label=org.opencontainers.image.url=https://github.com/1Password/onepassword-operator - - --label=org.opencontainers.image.source=https://github.com/1Password/onepassword-operator - - --label=org.opencontainers.image.version={{ .Version }} - - --label=org.opencontainers.image.revision={{ .FullCommit }} - - --label=org.opencontainers.image.licenses=MIT - - image_templates: ["1password/{{ .ProjectName }}:{{ .Version }}-arm64v8"] - goos: linux - goarch: arm64 - dockerfile: Dockerfile-goreleaser - use_buildx: true - extra_files: - - deploy/connect/ - build_flag_templates: - - --platform=linux/arm64/v8 - - --label=org.opencontainers.image.title={{ .ProjectName }} - - --label=org.opencontainers.image.description={{ .ProjectName }} - - --label=org.opencontainers.image.url=https://github.com/1Password/onepassword-operator - - --label=org.opencontainers.image.source=https://github.com/1Password/onepassword-operator - - --label=org.opencontainers.image.version={{ .Version }} - - --label=org.opencontainers.image.revision={{ .FullCommit }} - - --label=org.opencontainers.image.licenses=MIT -docker_manifests: - - name_template: 1password/{{ .ProjectName }}:{{ .Version }} - image_templates: - - 1password/{{ .ProjectName }}:{{ .Version }}-amd64 - - 1password/{{ .ProjectName }}:{{ .Version }}-arm64v8 - - name_template: 1password/{{ .ProjectName }}:latest - image_templates: - - 1password/{{ .ProjectName }}:{{ .Version }}-amd64 - - 1password/{{ .ProjectName }}:{{ .Version }}-arm64v8 diff --git a/Dockerfile-goreleaser b/Dockerfile-goreleaser deleted file mode 100644 index b4587a7..0000000 --- a/Dockerfile-goreleaser +++ /dev/null @@ -1,9 +0,0 @@ -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot -WORKDIR / -COPY ./manager . -USER nonroot:nonroot -COPY deploy/connect/ deploy/connect/ - -ENTRYPOINT ["/manager"] From d45f682c37fd538a6ba3f2eeb5b084e8f3058dff Mon Sep 17 00:00:00 2001 From: Joris Coenen Date: Thu, 29 Apr 2021 14:35:21 +0200 Subject: [PATCH 7/7] Rename job to release-docker Co-authored-by: Floris van der Grinten --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2f3395c..fe0180c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,7 +6,7 @@ on: - 'v*' jobs: - goreleaser: + release-docker: runs-on: ubuntu-latest env: DOCKER_CLI_EXPERIMENTAL: "enabled"