Add GoReleaser configuration for publishing docker images

Should build both an amd64 and arm64 image and combine both in a single manifest. Does require some modifications to the GitHub Actions to correctly push to DockerHub. Used this blog post as inspiration: https://carlosbecker.com/posts/multi-platform-docker-images-goreleaser-gh-actions/
2025-10-23 07:58:04 +00:00 · 2021-04-21 13:45:49 +02:00
10 changed files with 82 additions and 127 deletions
--- a/.VERSION
+++ b/.VERSION
@@ -1 +1 @@
-v1.0.1
+v1.0.0
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,36 +0,0 @@
---
-name: Bug report
-about: Report bugs and errors found while using the Operator.
-title: ''
-labels: bug
-assignees: ''
-
---
-
-### Your environment
-
-<!-- Version of the Operator when the error occurred -->
-Operator Version:
-
-<!-- What version of the Connect server are you running?
-You can get this information from the Integrations section in 1Password
-https://start.1password.com/integrations/active
-->
-Connect Server Version:
-
-<!-- What version of Kubernetes have you deployed the operator to? -->
-Kubernetes Version:
-
-## What happened?
-<!-- Describe the bug or error -->
-
-## What did you expect to happen?
-<!-- Describe what should have happened -->
-
-## Steps to reproduce
-1. <!-- Describe Steps to reproduce the issue -->
-
-
-## Notes & Logs
-<!-- Paste any logs here that may help with debugging.
-Remember to remove any sensitive information before sharing! -->
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,9 +0,0 @@
-# docs: https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
-blank_issues_enabled: true
-contact_links:
-  - name: 1Password Community
-    url: https://1password.community/categories/secrets-automation
-    about: Please ask general Secrets Automation questions here.
-  - name: 1Password Security Bug Bounty
-    url: https://bugcrowd.com/agilebits
-    about: Please report security vulnerabilities here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,32 +0,0 @@
---
-name: Feature request
-about: Suggest an idea for the Operator
-title: ''
-labels: feature-request
-assignees: ''
-
---
-
-### Summary
-<!-- Briefly describe the feature in one or two sentences. You can include more details later. -->
-
-### Use cases
-<!-- Describe the use cases that make this feature useful to others.
-The description should help the reader understand why the feature is necessary.
-The better we understand your use case, the better we can help create an appropriate solution. -->
-
-### Proposed solution
-<!-- If you already have an idea for how the feature should work, use this space to describe it.
-We'll work with you to find a workable approach, and any implementation details are appreciated.
-->
-
-### Is there a workaround to accomplish this today?
-<!-- If there's a way to accomplish this feature request without changes to the codebase, we'd like to hear it.
-->
-
-### References & Prior Work
-<!-- If a similar feature was implemented in another project or tool, add a link so we can better understand your request.
-Links to relevant documentation or RFCs are also appreciated. -->
-
-* <!-- Reference 1 -->
-* <!-- Reference 2, etc -->
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,15 +1,13 @@
-name: release
+name: goreleaser

 on:
  push:
    tags:
-      - 'v*'
+      - '*'

 jobs:
-  release-docker:
+  goreleaser:
    runs-on: ubuntu-latest
-    env:
-      DOCKER_CLI_EXPERIMENTAL: "enabled"
    steps:
      -
        name: Checkout
@@ -17,38 +15,15 @@ jobs:
        with:
          fetch-depth: 0
      -
-        name: Docker meta
-        id: meta
-        uses: crazy-max/ghaction-docker-meta@v2
+        name: Set up Go
+        uses: actions/setup-go@v2
        with:
-          images: |
-            1password/onepassword-operator
-          # Publish image for x.y.z and x.y
-          # The latest tag is automatically added for semver tags
-          tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
+          go-version: 1.15
      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Docker Login
-        uses: docker/login-action@v1
+        name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: Dockerfile
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: |
-            operator_version=${{ github.event.ref }}
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -0,0 +1,55 @@
+project_name: onepassword-operator
+builds:
+  - env:
+      - CGO_ENABLED=0
+    binary: manager
+    main: ./cmd/manager/main.go
+    flags:
+      - -mod=vendor
+      - -trimpath
+    ldflags:
+      - -s -w -X "github.com/1Password/onepassword-operator/version.Version={{ .Version }}"
+    mod_timestamp: '{{ .CommitTimestamp }}'
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+dockers:
+  - image_templates: ["1password/{{ .ProjectName }}:{{ .Version }}-amd64"]
+    goos: linux
+    goarch: amd64
+    dockerfile: Dockerfile-goreleaser
+    use_buildx: true
+    extra_files:
+      - deploy/connect/
+    build_flag_templates:
+      - --platform=linux/amd64
+      - --label=org.opencontainers.image.title={{ .ProjectName }}
+      - --label=org.opencontainers.image.description={{ .ProjectName }}
+      - --label=org.opencontainers.image.url=https://github.com/1Password/onepassword-operator
+      - --label=org.opencontainers.image.source=https://github.com/1Password/onepassword-operator
+      - --label=org.opencontainers.image.version={{ .Version }}
+      - --label=org.opencontainers.image.revision={{ .FullCommit }}
+      - --label=org.opencontainers.image.licenses=MIT
+  - image_templates: ["1password/{{ .ProjectName }}:{{ .Version }}-arm64v8"]
+    goos: linux
+    goarch: arm64
+    dockerfile: Dockerfile-goreleaser
+    use_buildx: true
+    extra_files:
+      - deploy/connect/
+    build_flag_templates:
+      - --platform=linux/arm64/v8
+      - --label=org.opencontainers.image.title={{ .ProjectName }}
+      - --label=org.opencontainers.image.description={{ .ProjectName }}
+      - --label=org.opencontainers.image.url=https://github.com/1Password/onepassword-operator
+      - --label=org.opencontainers.image.source=https://github.com/1Password/onepassword-operator
+      - --label=org.opencontainers.image.version={{ .Version }}
+      - --label=org.opencontainers.image.revision={{ .FullCommit }}
+      - --label=org.opencontainers.image.licenses=MIT
+docker_manifests:
+  - name_template: 1password/{{ .ProjectName }}:{{ .Version }}
+    image_templates:
+      - 1password/{{ .ProjectName }}:{{ .Version }}-amd64
+      - 1password/{{ .ProjectName }}:{{ .Version }}-arm64v8
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,15 +12,6 @@

 ---

-[//]: # (START/v1.0.1)
-# v1.0.1
-
-## Features
-* This release also contains an arm64 Docker image. {#20}
-* Docker images are also pushed to the :latest and :<major>.<minor> tags.
-
---
-
 [//]: # (START/v1.0.0)
 # v1.0.0

--- a/2
+++ b/2
@@ -14,6 +14,8 @@ COPY vendor/ vendor/
 # Build
 ARG operator_version=dev
 RUN CGO_ENABLED=0 \
+    GOOS=linux \
+    GOARCH=amd64 \
    GO111MODULE=on \
    go build \
    -ldflags "-X version.Version=$operator_version" \
--- a/9
+++ b/9
@@ -0,0 +1,9 @@
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY ./manager .
+USER nonroot:nonroot
+COPY deploy/connect/ deploy/connect/
+
+ENTRYPOINT ["/manager"]
--- a/README.md
+++ b/README.md
@@ -102,7 +102,7 @@ To create a Kubernetes Secret from a 1Password item, create a yaml file with the

 ```yaml
 apiVersion: onepassword.com/v1
-kind: OnePasswordItem
+kind: OnePasswordItem # {insert_new_name}
 metadata:
  name: <item_name> #this name will also be used for naming the generated kubernetes secret
 spec:
@@ -131,8 +131,8 @@ kind: Deployment
 metadata:
  name: deployment-example
  annotations:
-    operator.1password.io/item-path: "vaults/<vault_id_or_title>/items/<item_id_or_title>"
-    operator.1password.io/item-name: "<secret_name>"
+    operator.1password.io/item-path: "vaults/{vault_id_or_title}/items/{item_id_or_title}"
+    operator.1password.io/item-name: "{secret_name}"
 ```

 Applying this yaml file will create a Kubernetes Secret with the name `<secret_name>` and contents from the location specified at the specified Item Path.