✨ Add gc repository, tag, artifact, blob daemon task (#226)

* ✨ Add dao funcs for gc * ⬆️ Upgrade syft * ⬆️ Upgrade axios * ✨ Add gc artifact, blob daemon task * ✨ Update definitions * ✨ Add daemon task handler * ✨ Add gc tag table * ✨ Update gc api handler types * ✨ Update dao * ✨ Update daemon gc decorator * ✨ Update gc api handlers * ✨ Add daemon gc tag task * ✨ First day about gc fe * ✨ Add api docs for daemon * ⬆️ Update syft and trivy * ✨ Show next run * ✨ Support create gc rules * ✨ Add message field for record table * ✨ Support update gc repository success count * ✨ Change gc implement * ✨ Complete gc implemention * ✨ Update gc daemon task page * ✨ Add runner and records page * ✨ Fix link * ✨ Fix bugs
go-sigma · Nov 16, 2023 · 7b1e1d1 · 7b1e1d1
1 parent 94bcc72
commit 7b1e1d1
Show file tree

Hide file tree

Showing 111 changed files with 25,635 additions and 4,035 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -50,8 +50,3 @@ jobs:
         with:
           dockerfile: ./build/Dockerfile
           ignore: DL3018,DL3003
-      - name: Lint Dockerfile
-        uses: hadolint/[email protected]
-        with:
-          dockerfile: ./build/Dockerfile.local
-          ignore: DL3018,DL3003
diff --git a/Makefile b/Makefile
@@ -4,8 +4,8 @@ GOVET             = $(GOCMD) vet
 BINARY_NAME       = sigma
 VERSION          ?= 0.0.0
 SERVICE_PORT     ?= 3000
-DOCKER_REGISTRY  ?= docker.io/tosone
-DOCKER_PLATFORMS ?= linux/amd64,linux/arm64
+DOCKER_REGISTRY  ?= ghcr.io/go-sigma
+
 APPNAME          ?= sigma
 NAMESPACE        ?= sigma
 KUBECONFIG       ?= ~/.kube/config
@@ -27,6 +27,21 @@ GOLDFLAGS        += -X github.com/go-sigma/sigma/pkg/version.BuildDate=$(shell d
 GOLDFLAGS        += -X github.com/go-sigma/sigma/pkg/version.GitHash=$(shell git rev-parse --short HEAD)
 GOFLAGS           = -ldflags '-s -w $(GOLDFLAGS)'
 
+BUILDARCH        ?= $(shell uname -m)
+
+# canonicalized names for host architecture
+ifeq ($(BUILDARCH),aarch64)
+  BUILDARCH=arm64
+endif
+ifeq ($(BUILDARCH),x86_64)
+  BUILDARCH=amd64
+endif
+ifeq ($(BUILDARCH),armv7l)
+  BUILDARCH=armv7
+endif
+
+DOCKER_PLATFORMS ?= linux/$(BUILDARCH)
+
 .PHONY: all test build vendor
 
 all: build build-builder
@@ -77,17 +92,11 @@ endif
 	docker run --rm -it -v $(shell pwd):/data cytopia/yamllint -f parsable $(shell git ls-files '*.yml' '*.yaml') $(OUTPUT_OPTIONS)
 
 ## Docker:
-docker-build: ## Use the dockerfile to build the container
-	docker buildx build -f build/Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=true .
-
-docker-build-local: build-linux ## Build the container with the local binary
-	docker buildx build -f build/Dockerfile.local --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=true .
-
-docker-build-builder: ## Build the dev container
-	docker buildx build -f build/Dockerfile.builder --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=true .
+docker-build: ## Use the dockerfile to build the sigma image
+	docker buildx build -f build/Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=false,oci-mediatypes=true .
 
-docker-build-builder-local: build-builder-linux # Build sigma builder image
-	docker buildx build -f build/Dockerfile.builder.local --platform $(DOCKER_PLATFORMS) --progress plain --output type=image,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=true .
+docker-build-builder: ## Use the dockerfile to build the sigma-builder image
+	docker buildx build -f build/Dockerfile.builder --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=false,oci-mediatypes=true .
 
 ## Format:
 format: sql-format
@@ -107,7 +116,7 @@ swagen: ## Generate swagger from code comments
 	@swag init --output pkg/handlers/apidocs
 
 addlicense: ## Add license to all go files
-	@find pkg -type f -name "*.go" | xargs addlicense -l apache -y 2023 -c "sigma"
+	@find pkg -type f -name "*.go" | grep -v "pkg/handlers/apidocs/docs.go" | xargs addlicense -l apache -y 2023 -c "sigma"
 	@find cmd -type f -name "*.go" | xargs addlicense -l apache -y 2023 -c "sigma"
 	@addlicense -l apache -y 2023 -c "sigma" main.go
 	@addlicense -l apache -y 2023 -c "sigma" web/web.go
@@ -143,4 +152,4 @@ help: ## Show this help.
 	@awk 'BEGIN {FS = ":.*?## "} { \
 		if (/^[a-zA-Z_-]+:.*?##.*$$/) {printf "    ${YELLOW}%-30s${GREEN}%s${RESET}\n", $$1, $$2} \
 		else if (/^## .*$$/) {printf "  ${CYAN}%s${RESET}\n", substr($$1,4)} \
-		}' $(MAKEFILE_LIST)
+		}' $(MAKEFILE_LIST)
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 <p align="center">
   <a href="https://github.com/go-sigma/sigma">
-    <img alt="sigma" src="https://media.githubusercontent.com/media/go-sigma/sigma/main/assets/sigma.svg" width="220"/>
+    <img alt="sigma" src="https://raw.githubusercontent.com/go-sigma/sigma/main/assets/sigma.svg" width="220"/>
   </a>
 </p>
 <h1 align="center">sigma</h1>

diff --git a/build/Dockerfile b/build/Dockerfile
@@ -1,4 +1,4 @@
-ARG GOLANG_VERSION=1.21.3-alpine3.18
+ARG GOLANG_VERSION=1.21.4-alpine3.18
 ARG NODE_VERSION=18-alpine3.18
 ARG ALPINE_VERSION=3.18
 
@@ -10,11 +10,11 @@ COPY ./web /web
 
 WORKDIR /web
 
-RUN set -eux && yarn install --frozen-lockfile && yarn build
+RUN --mount=type=cache,target=/web/node_modules set -eux && yarn install --frozen-lockfile && yarn build
 
 FROM alpine:${ALPINE_VERSION} as syft
 
-ARG SYFT_VERSION=0.93.0
+ARG SYFT_VERSION=0.96.0
 ARG TARGETARCH
 
 RUN set -eux && \
@@ -26,7 +26,7 @@ RUN set -eux && \
 
 FROM alpine:${ALPINE_VERSION} as trivy
 
-ARG TRIVY_VERSION=0.46.0
+ARG TRIVY_VERSION=0.47.0
 ARG ORAS_VERSION=1.0.0
 ARG TARGETARCH
 
@@ -54,14 +54,14 @@ RUN set -eux && \
 FROM golang:${GOLANG_VERSION} as builder
 
 RUN set -eux && \
-  apk add --no-cache make bash ncurses build-base git git-lfs
+  apk add --no-cache make bash ncurses build-base git openssl
 
 COPY . /go/src/github.com/go-sigma/sigma
 COPY --from=web-builder /web/dist /go/src/github.com/go-sigma/sigma/web/dist
 
 WORKDIR /go/src/github.com/go-sigma/sigma
 
-RUN --mount=type=cache,target=/root/.cache/go-build make build
+RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build make build
 
 FROM alpine:${ALPINE_VERSION}
 

diff --git a/build/Dockerfile.builder b/build/Dockerfile.builder
@@ -1,25 +1,25 @@
-ARG GOLANG_VERSION=1.21.3-alpine3.18
-ARG BUILDKIT_VERSION=v0.12.2-rootless
+ARG GOLANG_VERSION=1.21.4-alpine3.18
+ARG BUILDKIT_VERSION=v0.12.3-rootless
+ARG ALPINE_VERSION=3.18
 
-FROM golang:${GOLANG_VERSION} as cosign
+FROM alpine:${ALPINE_VERSION} as cosign
 
-WORKDIR /go/src/github.com/sigstore
+ARG COSIGN_VERSION=v2.2.1
+ARG TARGETARCH
 
 RUN set -eux && \
-  apk add --no-cache make bash ncurses build-base git git-lfs && \
-  git clone https://github.com/go-sigma/cosign.git && \
-  cd cosign && \
-  make
+  apk add --no-cache wget && \
+  wget -O /tmp/cosign https://github.com/sigstore/cosign/releases/download/"${COSIGN_VERSION}"/cosign-linux-"${TARGETARCH}"
 
 FROM golang:${GOLANG_VERSION} as builder
 
-COPY . /go/src/github.com/go-sigma/sigma
+RUN set -eux && \
+  apk add --no-cache make bash ncurses build-base git openssl
 
+COPY . /go/src/github.com/go-sigma/sigma
 WORKDIR /go/src/github.com/go-sigma/sigma
 
-RUN set -eux && \
-  apk add --no-cache make bash ncurses build-base git git-lfs && \
-  make build-builder
+RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build make build-builder
 
 FROM moby/buildkit:${BUILDKIT_VERSION}
 
@@ -30,7 +30,7 @@ RUN set -eux && \
   chown -R 1000:1000 /opt/ && \
   chown -R 1000:1000 /code/
 
-COPY --from=cosign /go/src/github.com/sigstore/cosign/cosign /usr/local/bin/cosign
+COPY --from=cosign /tmp/cosign /usr/local/bin/cosign
 COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma-builder /usr/local/bin/sigma-builder
 
 WORKDIR /code

diff --git a/build/Dockerfile.builder.local b/build/Dockerfile.builder.local
diff --git a/build/Dockerfile.debian b/build/Dockerfile.debian
@@ -1,4 +1,4 @@
-ARG GOLANG_VERSION=1.21.3-bookworm
+ARG GOLANG_VERSION=1.21.4-bookworm
 ARG NODE_VERSION=18-alpine3.18
 ARG ALPINE_VERSION=3.18
 ARG DEBIAN_VERSION=bookworm-slim
@@ -15,7 +15,7 @@ RUN set -eux && yarn install --frozen-lockfile && yarn build
 
 FROM alpine:${ALPINE_VERSION} as syft
 
-ARG SYFT_VERSION=0.93.0
+ARG SYFT_VERSION=0.96.0
 ARG TARGETARCH
 
 RUN set -eux && \
@@ -27,7 +27,7 @@ RUN set -eux && \
 
 FROM alpine:${ALPINE_VERSION} as trivy
 
-ARG TRIVY_VERSION=0.46.0
+ARG TRIVY_VERSION=0.47.0
 ARG ORAS_VERSION=1.0.0
 ARG TARGETARCH
 
@@ -58,7 +58,7 @@ RUN set -eux && \
   apt-get update && \
 	apt-get install -y --no-install-recommends \
 		build-essential \
-		git-lfs \
+		git \
 	&& \
 	rm -rf /var/lib/apt/lists/*
 
@@ -67,7 +67,7 @@ COPY --from=web-builder /web/dist /go/src/github.com/go-sigma/sigma/web/dist
 
 WORKDIR /go/src/github.com/go-sigma/sigma
 
-RUN --mount=type=cache,target=/root/.cache/go-build make build
+RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build make build
 
 FROM debian:${DEBIAN_VERSION}
 

diff --git a/build/Dockerfile.local b/build/Dockerfile.local