From a4a0a0e48e7b217b8746f4fdbae530239a4c8e2b Mon Sep 17 00:00:00 2001 From: Marques Johansson Date: Thu, 23 Feb 2023 09:51:59 -0500 Subject: [PATCH 1/6] add a ghcr.io container artifact for metal-cli relesaes Signed-off-by: Marques Johansson --- .github/workflows/release.yml | 2 +- .goreleaser.yml | 14 ++++++++++++++ Dockerfile | 25 +++++++++++++++++++++++++ 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 Dockerfile diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 815c09f8..f13d5868 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: uses: goreleaser/goreleaser-action@v5 with: version: latest - args: release --rm-dist + args: release --clean env: # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # diff --git a/.goreleaser.yml b/.goreleaser.yml index c9d7afee..c4b25831 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -57,3 +57,17 @@ brews: tap: owner: equinix name: homebrew-tap + +dockers: + - image_templates: + - 'ghcr.io/{{ .Env.GITHUB_REPOSITORY }}:{{ .Tag }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}' + dockerfile: Dockerfile + use: buildx + build_flag_templates: + - "--pull" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.name={{.ProjectName}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--label=org.opencontainers.image.source={{.GitURL}}" + - "--platform=linux/{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..31034098 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,25 @@ +# syntax=docker/dockerfile:1 + +## Build +FROM golang:1.19-alpine AS build + +WORKDIR /app + +COPY go.mod ./ +COPY go.sum ./ +RUN go mod download + +COPY ./cmd/. ./cmd/ +COPY ./internal/. ./internal/ +RUN go build -o /metal ./cmd/metal + +## Image +FROM scratch + +WORKDIR / + +COPY --from=build /metal /metal + +USER nonroot:nonroot + +ENTRYPOINT ["/metal"] From 83c113c60fbde36e1ee5728baadf17b8a8ace2fd Mon Sep 17 00:00:00 2001 From: Chris Privitere <23177737+cprivitere@users.noreply.github.com> Date: Wed, 24 Jan 2024 15:15:27 -0600 Subject: [PATCH 2/6] chore: format yaml with prettier Signed-off-by: Chris Privitere <23177737+cprivitere@users.noreply.github.com> --- .github/workflows/release.yml | 13 ++++----- .goreleaser.yml | 50 +++++++++++++++++------------------ 2 files changed, 30 insertions(+), 33 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f13d5868..00e3f283 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,31 +3,28 @@ name: release on: push: tags: - - '*' + - "*" jobs: goreleaser: runs-on: ubuntu-latest steps: - - - name: Checkout + - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - - - name: Set up Go + - name: Set up Go uses: actions/setup-go@v5 with: go-version: 1.19 - - - name: Run GoReleaser + - name: Run GoReleaser uses: goreleaser/goreleaser-action@v5 with: version: latest args: release --clean env: # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # + # # Token for robot account @equinix-homebrew-tap, which can publish # to metal-cli and homebrew-tap GH repos GITHUB_TOKEN: ${{ secrets.GH_HOMEBREW_TAP_TOKEN }} diff --git a/.goreleaser.yml b/.goreleaser.yml index c4b25831..ca4dab39 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -7,30 +7,30 @@ before: # you may remove this if you don't need go generate - go generate ./... builds: -- main: ./cmd/metal - env: - - CGO_ENABLED=0 - binary: metal - ldflags: - - -X github.com/equinix/metal-cli/cmd.Version={{.Version}} - - -X github.com/equinix/metal-cli/cmd.Build=${.Commit}" + - main: ./cmd/metal + env: + - CGO_ENABLED=0 + binary: metal + ldflags: + - -X github.com/equinix/metal-cli/cmd.Version={{.Version}} + - -X github.com/equinix/metal-cli/cmd.Build=${.Commit}" - goos: - - freebsd - - linux - - windows - - darwin - goarch: - - amd64 - - arm - - arm64 - goarm: - - "6" - - "7" + goos: + - freebsd + - linux + - windows + - darwin + goarch: + - amd64 + - arm + - arm64 + goarm: + - "6" + - "7" archives: -- format: binary - name_template: "{{ .Binary }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" + - format: binary + name_template: "{{ .Binary }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" checksum: name_template: "{{ .ProjectName }}_{{ .Version }}_checksums.txt" release: @@ -41,10 +41,10 @@ changelog: sort: asc filters: exclude: - - '^docs:' - - '^test:' + - "^docs:" + - "^test:" -brews: +brews: - homepage: "https://metal.equinix.com/developers/docs/libraries/cli/" description: "Official Equinix Metal CLI" license: "MIT" @@ -60,7 +60,7 @@ brews: dockers: - image_templates: - - 'ghcr.io/{{ .Env.GITHUB_REPOSITORY }}:{{ .Tag }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}' + - "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}:{{ .Tag }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" dockerfile: Dockerfile use: buildx build_flag_templates: From e3d4145df9bdb8ead53514cdf70671e9a519251a Mon Sep 17 00:00:00 2001 From: Chris Privitere <23177737+cprivitere@users.noreply.github.com> Date: Wed, 24 Jan 2024 15:30:12 -0600 Subject: [PATCH 3/6] fix: conform to current goreleaser spec tap -> repository Signed-off-by: Chris Privitere <23177737+cprivitere@users.noreply.github.com> --- .goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index ca4dab39..4435b3f1 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -54,7 +54,7 @@ brews: test: | system "#{bin}/metal -v" commit_msg_template: "Brew formula update for {{ .ProjectName }} version {{ .Tag }}" - tap: + repository: owner: equinix name: homebrew-tap From ed414a02622eb6424654c9e6853c818c3b985c0a Mon Sep 17 00:00:00 2001 From: Chris Privitere <23177737+cprivitere@users.noreply.github.com> Date: Wed, 24 Jan 2024 17:11:30 -0600 Subject: [PATCH 4/6] chore: use ko to build the docker images as recommended by goreleaser Signed-off-by: Chris Privitere <23177737+cprivitere@users.noreply.github.com> --- .goreleaser.yml | 48 ++++++++++++++++++++++++++++++++---------------- Dockerfile | 25 ------------------------- 2 files changed, 32 insertions(+), 41 deletions(-) delete mode 100644 Dockerfile diff --git a/.goreleaser.yml b/.goreleaser.yml index 4435b3f1..32759a37 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -12,8 +12,8 @@ builds: - CGO_ENABLED=0 binary: metal ldflags: - - -X github.com/equinix/metal-cli/cmd.Version={{.Version}} - - -X github.com/equinix/metal-cli/cmd.Build=${.Commit}" + - -X github.com/equinix/{{ .ProjectName }}/cmd.Version={{.Version}} + - -X github.com/equinix/{{ .ProjectName }}/cmd.Build=${.Commit}" goos: - freebsd @@ -34,7 +34,7 @@ archives: checksum: name_template: "{{ .ProjectName }}_{{ .Version }}_checksums.txt" release: - name_template: "{{.ProjectName}}-v{{.Version}}" + name_template: "{{ .ProjectName }}-v{{ .Version }}" snapshot: name_template: "{{ .Tag }}-next" changelog: @@ -58,16 +58,32 @@ brews: owner: equinix name: homebrew-tap -dockers: - - image_templates: - - "ghcr.io/{{ .Env.GITHUB_REPOSITORY }}:{{ .Tag }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - "--pull" - - "--label=org.opencontainers.image.created={{.Date}}" - - "--label=org.opencontainers.image.name={{.ProjectName}}" - - "--label=org.opencontainers.image.revision={{.FullCommit}}" - - "--label=org.opencontainers.image.version={{.Version}}" - - "--label=org.opencontainers.image.source={{.GitURL}}" - - "--platform=linux/{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" +kos: + - repository: ghcr.io/equinix/{{ .ProjectName }} + tags: + - "{{ .Tag }}" + - "{{ .Major }}.{{ .Minor }}" + - "{{ .Minor}}" + - latest + platforms: + - linux/amd64 + - linux/arm64 + - linux/arm/v7 + - linux/arm/v6 + - freebsd/amd64 + - freebsd/arm64 + - freebsd/arm/v7 + - freebsd/arm/v6 + - windows/amd64 + - windows/arm64 + - windows/arm/v7 + - windows/arm/v6 + - darwin/amd64 + - darwin/arm64 + sbom: spdx + +sboms: + - artifacts: archive + +docker_signs: + - artifacts: manifests diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 31034098..00000000 --- a/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -# syntax=docker/dockerfile:1 - -## Build -FROM golang:1.19-alpine AS build - -WORKDIR /app - -COPY go.mod ./ -COPY go.sum ./ -RUN go mod download - -COPY ./cmd/. ./cmd/ -COPY ./internal/. ./internal/ -RUN go build -o /metal ./cmd/metal - -## Image -FROM scratch - -WORKDIR / - -COPY --from=build /metal /metal - -USER nonroot:nonroot - -ENTRYPOINT ["/metal"] From f3474b4b9f4fa4176517be0b14ee9c4b7958f42d Mon Sep 17 00:00:00 2001 From: Chris Privitere <23177737+cprivitere@users.noreply.github.com> Date: Fri, 26 Jan 2024 13:54:17 -0600 Subject: [PATCH 5/6] chore: update ko section to do all our registries Signed-off-by: Chris Privitere <23177737+cprivitere@users.noreply.github.com> --- .goreleaser.yml | 91 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 71 insertions(+), 20 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 32759a37..921e7402 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -58,32 +58,83 @@ brews: owner: equinix name: homebrew-tap +# ko is a docker image builder that simplifies making multiplatform images. +# This is much simpler than configuring all the docker ptions in goreleaser. +# Unfortunately, it doesn't support the scratch image, so we use chainguard's +# static image as a base. kos: - - repository: ghcr.io/equinix/{{ .ProjectName }} + - id: dockerhub + repository: equinix/{{ .ProjectName }} + build: metal-cli + base_image: cgr.dev/chainguard/static + labels: + org.opencontainers.image.base.name: "cgr.dev/chainguard/static" + org.opencontainers.image.created: "{{.Date}}" + org.opencontainers.image.name: "{{.ProjectName}}" + org.opencontainers.image.revision: "{{.FullCommit}}" + org.opencontainers.image.source: "{{.GitURL}}" + org.opencontainers.image.title: "{{.ProjectName}}" + org.opencontainers.image.url: "https://deploy.equinix.com/labs/metal-cli/" + org.opencontainers.image.vendor: "Equinix" + org.opencontainers.image.version: "{{.Version}}" + platforms: + - linux/amd64 + - linux/arm64 + - linux/arm/v7 tags: + - latest - "{{ .Tag }}" + - "{{ .Major }}" - "{{ .Major }}.{{ .Minor }}" - - "{{ .Minor}}" + sbom: none + bare: true + - id: github + repository: ghcr.io/equinix/{{ .ProjectName }} + build: metal-cli + base_image: cgr.dev/chainguard/static + labels: + org.opencontainers.image.base.name: "cgr.dev/chainguard/static" + org.opencontainers.image.created: "{{.Date}}" + org.opencontainers.image.name: "{{.ProjectName}}" + org.opencontainers.image.revision: "{{.FullCommit}}" + org.opencontainers.image.source: "{{.GitURL}}" + org.opencontainers.image.title: "{{.ProjectName}}" + org.opencontainers.image.url: "https://deploy.equinix.com/labs/metal-cli/" + org.opencontainers.image.vendor: "Equinix" + org.opencontainers.image.version: "{{.Version}}" + platforms: + - linux/amd64 + - linux/arm64 + - linux/arm/v7 + tags: - latest + - "{{ .Tag }}" + - "{{ .Major }}" + - "{{ .Major }}.{{ .Minor }}" + sbom: none + bare: true + - id: quay + build: metal-cli + repository: quay.io/equinix-oss/metal-cli + base_image: cgr.dev/chainguard/static + labels: + org.opencontainers.image.base.name: "cgr.dev/chainguard/static" + org.opencontainers.image.created: "{{.Date}}" + org.opencontainers.image.name: "{{.ProjectName}}" + org.opencontainers.image.revision: "{{.FullCommit}}" + org.opencontainers.image.source: "{{.GitURL}}" + org.opencontainers.image.title: "{{.ProjectName}}" + org.opencontainers.image.url: "https://deploy.equinix.com/labs/metal-cli/" + org.opencontainers.image.vendor: "Equinix" + org.opencontainers.image.version: "{{.Version}}" platforms: - linux/amd64 - linux/arm64 - linux/arm/v7 - - linux/arm/v6 - - freebsd/amd64 - - freebsd/arm64 - - freebsd/arm/v7 - - freebsd/arm/v6 - - windows/amd64 - - windows/arm64 - - windows/arm/v7 - - windows/arm/v6 - - darwin/amd64 - - darwin/arm64 - sbom: spdx - -sboms: - - artifacts: archive - -docker_signs: - - artifacts: manifests + tags: + - latest + - "{{ .Tag }}" + - "{{ .Major }}" + - "{{ .Major }}.{{ .Minor }}" + sbom: none + bare: true From 3e7b42ccacb7c3f1ec5169d166ab9b6d0242c23d Mon Sep 17 00:00:00 2001 From: Chris Privitere <23177737+cprivitere@users.noreply.github.com> Date: Fri, 26 Jan 2024 16:57:55 -0600 Subject: [PATCH 6/6] ci: add login to docker registries to release yaml Signed-off-by: Chris Privitere <23177737+cprivitere@users.noreply.github.com> --- .github/workflows/release.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 00e3f283..bd32c6d0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,6 +17,29 @@ jobs: uses: actions/setup-go@v5 with: go-version: 1.19 + - name: Login to ghcr.io registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Log into DockerHub + uses: docker/login-action@v3 + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + if: ${{ env.DOCKER_USERNAME != '' }} + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Log into quay.io + uses: docker/login-action@v3 + env: + QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} + if: ${{ env.QUAY_USERNAME != '' }} + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_PASSWORD }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@v5 with: