[ci] Support multi-arch Docker images (amd64/arm64)

Signed-off-by: dntosas <[email protected]>
dntosas · Mar 18, 2023 · cfe8c8b · cfe8c8b
1 parent b99dde7
commit cfe8c8b
Show file tree

Hide file tree

Showing 8 changed files with 140 additions and 87 deletions.
diff --git a/.github/config/goreleaser.yaml b/.github/config/goreleaser.yaml
@@ -0,0 +1,106 @@
+# before:
+  # hooks:
+    # - go mod download
+dist: bin
+project_name: capi2argo-cluster-operator
+env:
+  - DOCKER_REPO="ghcr.io/dntosas"
+builds:
+  - env:
+      - CGO_ENABLED=0
+    binary: "{{ .ProjectName }}"
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    flags:
+      - -trimpath
+      - -mod=vendor
+    ldflags:
+      - -s -w
+      - -X {{ .ProjectName }}/cmd.Version={{ .Version }}
+      - -X {{ .ProjectName }}/cmd.CommitHash={{ .FullCommit }}
+    main: .
+
+dockers:
+  # amd64
+  - image_templates:
+      - ghcr.io/dntosas/{{ .ProjectName }}:{{ .Version }}-amd64
+      - ghcr.io/dntosas/{{ .ProjectName }}:v{{ .Version }}-amd64
+      - ghcr.io/dntosas/{{ .ProjectName }}:latest-amd64
+    dockerfile: Dockerfile
+    use: buildx
+    goos: linux
+    goarch: amd64
+    build_flag_templates:
+    - "--pull"
+    - "--label=org.opencontainers.image.created={{.Date}}"
+    - "--label=org.opencontainers.image.title={{.ProjectName}}"
+    - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+    - "--label=org.opencontainers.image.version={{.Version}}"
+    - "--platform=linux/amd64"
+  # arm64
+  - image_templates:
+      - ghcr.io/dntosas/{{ .ProjectName }}:{{ .Version }}-arm64
+      - ghcr.io/dntosas/{{ .ProjectName }}:v{{ .Version }}-arm64
+      - ghcr.io/dntosas/{{ .ProjectName }}:latest-arm64
+    dockerfile: Dockerfile
+    use: buildx
+    goos: linux
+    goarch: arm64
+    build_flag_templates:
+    - "--pull"
+    - "--label=org.opencontainers.image.created={{.Date}}"
+    - "--label=org.opencontainers.image.title={{.ProjectName}}"
+    - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+    - "--label=org.opencontainers.image.version={{.Version}}"
+    - "--platform=linux/arm64/v8"
+
+docker_manifests:
+  # https://goreleaser.com/customization/docker_manifest/
+  - name_template: ghcr.io/dntosas/{{ .ProjectName }}:{{ .Version }}
+    image_templates:
+      - ghcr.io/dntosas/{{ .ProjectName }}:{{ .Version }}-amd64
+      - ghcr.io/dntosas/{{ .ProjectName }}:{{ .Version }}-arm64
+  - name_template: ghcr.io/dntosas/{{ .ProjectName }}:v{{ .Version }}
+    image_templates:
+      - ghcr.io/dntosas/{{ .ProjectName }}:{{ .Version }}-amd64
+      - ghcr.io/dntosas/{{ .ProjectName }}:{{ .Version }}-arm64
+  - name_template: ghcr.io/dntosas/{{ .ProjectName }}:latest
+    image_templates:
+      - ghcr.io/dntosas/{{ .ProjectName }}:latest-amd64
+      - ghcr.io/dntosas/{{ .ProjectName }}:latest-arm64
+
+# TODO: Sign docker images
+# docker_signs:
+# - artifacts: all
+#   stdin: "{{ .Env.COSIGN_PASSWORD }}"
+#   args: ["sign", "--key=cosign.key", "${artifact}@${digest}", "--yes"]
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of uname.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+    - goos: windows
+      format: zip
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ incpatch .Version }}-SNAPSHOT"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^Merge\spull\srequest\s'
+
+# release:
+#   draft: true
diff --git a/.github/workflows/go-release.yml b/.github/workflows/go-release.yml
@@ -16,44 +16,11 @@ jobs:
 
       - name: Checkout code
         uses: actions/[email protected]
-
-      - name: "Extract data from tag: version, message, body"
-        id: tag
-        run: |
-          git fetch --tags --force
-
-      - name: Build CLI binary and Docker image
-        run: make build
-
-      - name: Generate sha256 checksums
-        run: make checksums
-
-      - name: Produce Release Body
-        id: git_log
-        uses: beatlabs/release-changelog-action@64cc16a4cca8ccf9672c9383cc9234c675a5acbe #v0.0.1
         with:
-          tag_regex: "v[0-9]+.[0-9]+.[0-9]+"
+          fetch-depth: 0
 
-      - name: Create Release
-        id: create_release
-        uses: actions/[email protected]
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ github.ref }}
-          release_name: ${{ github.ref }}
-          body: ${{ steps.git_log.outputs.release_body }}
-          draft: false
-          prerelease: false
-
-      - name: Docker Metadata
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ghcr.io/dntosas/capi2argo-cluster-operator
-          tags: |
-            type=semver,pattern=v{{major}}.{{minor}}.{{patch}}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v2
@@ -63,55 +30,31 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
           logout: false
 
-      - name: Build and Push Docker Image
-        uses: docker/[email protected]
-        with:
-          context: .
-          file: .//Dockerfile
-          tags: |
-            ${{ steps.meta.outputs.tags }}
-          pull: true
-          push: true
-
-      - name: Upload Release Asset Linux
-        id: upload-release-asset-linux
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./bin/capi2argo-cluster-operator
-          asset_name: capi2argo-cluster-operator
-          asset_content_type: application/octet-stream
-
-      - name: Upload Release Asset Linux checksum
-        id: upload-release-asset-linux-checksum
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./bin/capi2argo-cluster-operator.sha256
-          asset_name: capi2argo-cluster-operator.sha256
-          asset_content_type: text/plain
-
       - name: Install Cosign
         uses: sigstore/[email protected]
         with:
-          cosign-release: 'v1.9.0'
+          cosign-release: 'v2.0.0'
 
-      - name: Write signing key to disk
+      - name: Write Cosign signing key to disk
         run: 'echo "$KEY" > cosign.key'
         shell: bash
         env:
           KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
 
-      - name: Sign container image with annotations from our environment
-        run: |
-          cosign sign --key cosign.key \
-            -a "repo=${{ github.repository }}" \
-            -a "workflow=${{ github.workflow }}" \
-            -a "ref=${{ github.sha }}" \
-            ghcr.io/dntosas/capi2argo-cluster-operator:${{ github.event.release.tag_name }}
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          args: release --clean --config .github/config/goreleaser.yaml
         env:
-          COSIGN_PASSWORD: ""
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PRIVATE_KEY }}
+
+      # - name: Sign container image with annotations from our environment
+      #   run: |
+      #     cosign sign --key cosign.key \
+      #       -a "repo=${{ github.repository }}" \
+      #       -a "workflow=${{ github.workflow }}" \
+      #       -a "ref=${{ github.sha }}" \
+      #       ghcr.io/dntosas/capi2argo-cluster-operator:${{ github.event.release.tag_name }}
+      #   env:
+      #     COSIGN_PASSWORD: ""
diff --git a/.gitignore b/.gitignore
@@ -23,3 +23,7 @@ testbin/*
 *.swp
 *.swo
 *~
+
+dist/
+
+cosign.key
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 # Switch to distroless as minimal base image to package the capi2argo-cluster-operator binary
 FROM "gcr.io/distroless/static:nonroot"
 WORKDIR /
-COPY bin/capi2argo-cluster-operator .
+COPY capi2argo-cluster-operator .
 USER 65532:65532
 ENTRYPOINT ["/capi2argo-cluster-operator"]
diff --git a/README.md b/README.md
@@ -136,4 +136,4 @@ In the meantime, feel free to grab any of unimplemented bullets on the Roadmap s
 - [ ] Garbage Collection
 - [ ] Quickstart Deployment (Kind Cluster)
 - [ ] Support for filtering Namespaces
-- [ ] Support for filtering Objects
+- [x] Support for multi-arch Docker images (amd64/arm64)
diff --git a/charts/capi2argo-cluster-operator/Chart.yaml b/charts/capi2argo-cluster-operator/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.1.9
+appVersion: 0.1.11
 description: Capi-2-Argo Cluster Operator (CACO) converts ClusterAPI Cluster credentials into ArgoCD Cluster definitions and keep them synchronized.
 home: https://github.com/dntosas/capi2argo-cluster-operator
 keywords:
@@ -11,7 +11,7 @@ maintainers:
 name: capi2argo-cluster-operator
 sources:
 - https://github.com/dntosas/capi2argo-cluster-operator
-version: 0.1.10
+version: 0.1.11
 dependencies:
 - name: common
   repository: "https://charts.bitnami.com/bitnami"

diff --git a/charts/capi2argo-cluster-operator/README.md b/charts/capi2argo-cluster-operator/README.md
@@ -1,6 +1,6 @@
 # capi2argo-cluster-operator
 
-![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![AppVersion: 0.1.7](https://img.shields.io/badge/AppVersion-0.1.7-informational?style=flat-square)
+![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![AppVersion: 0.1.11](https://img.shields.io/badge/AppVersion-0.1.11-informational?style=flat-square)
 
 Capi-2-Argo Cluster Operator (CACO) converts ClusterAPI Cluster credentials into ArgoCD Cluster definitions and keep them synchronized.
 
@@ -20,14 +20,15 @@ Capi-2-Argo Cluster Operator (CACO) converts ClusterAPI Cluster credentials into
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://charts.bitnami.com/bitnami | common | 1.x.x |
+| https://charts.bitnami.com/bitnami | common | 2.x.x |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` |  |
 | allowedNamespaces | string | `""` |  |
+| argoCDNamespace | string | `"argocd"` |  |
 | args | list | `[]` |  |
 | command | list | `[]` |  |
 | commonAnnotations | object | `{}` |  |
@@ -48,7 +49,7 @@ Capi-2-Argo Cluster Operator (CACO) converts ClusterAPI Cluster credentials into
 | image.pullSecrets | list | `[]` |  |
 | image.registry | string | `"ghcr.io"` |  |
 | image.repository | string | `"dntosas/capi2argo-cluster-operator"` |  |
-| image.tag | string | `"v0.1.7"` |  |
+| image.tag | string | `"v0.1.11"` |  |
 | initContainers | list | `[]` |  |
 | kubeVersion | string | `""` |  |
 | leaderElection | bool | `false` |  |
@@ -88,7 +89,6 @@ Capi-2-Argo Cluster Operator (CACO) converts ClusterAPI Cluster credentials into
 | rbac.apiVersion | string | `"v1"` |  |
 | rbac.clusterRole | bool | `true` |  |
 | rbac.create | bool | `true` |  |
-| rbac.pspEnabled | bool | `false` |  |
 | readinessProbe.enabled | bool | `true` |  |
 | readinessProbe.failureThreshold | int | `6` |  |
 | readinessProbe.initialDelaySeconds | int | `5` |  |

diff --git a/charts/capi2argo-cluster-operator/values.yaml b/charts/capi2argo-cluster-operator/values.yaml
@@ -12,7 +12,7 @@ replicaCount: 1
 image:
   registry: ghcr.io
   repository: dntosas/capi2argo-cluster-operator
-  tag: v0.1.10
+  tag: v0.1.11
   pullPolicy: IfNotPresent
   pullSecrets: []
-Original file line number
+Diff line change
@@ Expand Up / @@ -23,3 +23,7 @@ testbin/* @@
     *.swp
     *.swo
     *~
+    dist/
+    cosign.key