From d7913a6789f0824c2f1839dbefe2e34db8141c5f Mon Sep 17 00:00:00 2001
From: Mikhail Swift
Date: Tue, 23 Jul 2024 14:00:17 -0400
Subject: [PATCH] chore(ci): build images with dockerfile instead of ko (#332)
* chore(ci): build images with dockerfile instead of ko
Our Dockerfile includes our migrations and Atlas to execute those migrations. However, the public image we are pushing is built with Ko and excludes these files/tools. This commit switches gorelease to build the image with the included Dockerfile.
Signed-off-by: Mikhail Swift
* chore(ci): update witness-run-action, change witness install dir
This updates the witness-run-action, and installs witness to a directory outside of the current source directory. This keeps our source git tree clean.
Signed-off-by: Mikhail Swift
---------
Signed-off-by: Mikhail Swift
---
 .github/workflows/pipeline.yml | 9 ++++-
 .github/workflows/witness.yml | 3 +-
 .goreleaser.yaml | 60 +++++++++++++++++++++++++++-------
 3 files changed, 59 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index c3290905..a5f3dfee 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -86,15 +86,22 @@ jobs:
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}

+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
 - name: Download GoReleaser
 run: go install github.com/goreleaser/goreleaser@v1.23.0

 - name: Run GoReleaser
- uses: testifysec/witness-run-action@85ddab8b46a86b2905a3b547a1806ab264fbb810
+ uses: testifysec/witness-run-action@cceed291062b350dc658d7d189933ac47d4f4dec
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
 with:
+ witness-install-dir: /opt/witness
 step: "build"
 attestations: "github"
 command: goreleaser release --clean
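Review bot: The two added setup steps, `docker/setup-qemu-action@v3` and `docker/setup-buildx-action@v3`, are referenced by a mutable tag, while `witness-run-action` in the same job is pinned to a full commit SHA. They run after the registry login visible in the context lines (`password: ${{ secrets.GITHUB_TOKEN }}`), so whatever code the `v3` tag points at on release day executes in a job that holds push credentials for the published image. Pin both the same way, e.g. `uses: docker/setup-qemu-action@<full-commit-sha> # v3` and `uses: docker/setup-buildx-action@<full-commit-sha> # v3`. The job definition starts and ends outside the hunk, so its `permissions:` block could not be checked here.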
diff --git a/.github/workflows/witness.yml b/.github/workflows/witness.yml
index 25d88e8d..d2060dec 100644
--- a/.github/workflows/witness.yml
+++ b/.github/workflows/witness.yml
@@ -49,8 +49,9 @@ jobs:
 go-version: 1.21.x

 - if: ${{ inputs.pull_request == false }}
- uses: testifysec/witness-run-action@85ddab8b46a86b2905a3b547a1806ab264fbb810
+ uses: testifysec/witness-run-action@cceed291062b350dc658d7d189933ac47d4f4dec
 with:
+ witness-install-dir: /opt/witness
 step: ${{ inputs.step }}
 attestations: ${{ inputs.attestations }}
 command: /bin/sh -c "${{ inputs.command }}"
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 101e6b80..9462a99a 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -74,18 +74,56 @@ release:
 prerelease: auto
 github:
 owner: "{{ .Env.GITHUB_REPOSITORY_OWNER }}"
+dockers:
+ - image_templates:
+ - "ghcr.io/in-toto/archivista:{{ .Version }}-amd64"
+ use: buildx
+ build_flag_templates:
+ - "--pull"
+ - "--platform=linux/amd64"
+ extra_files:
+ - "archivista.graphql"
+ - "ent.graphql"
+ - "ent.resolvers.go"
+ - "entrypoint.sh"
+ - "gen.go"
+ - "generated.go"
+ - "go.mod"
+ - "go.sum"
+ - "resolver.go"
+ - "docs"
+ - "ent"
+ - "cmd"
+ - "ent"
+ - "pkg"
+ - image_templates:
+ - "ghcr.io/in-toto/archivista:{{ .Version }}-arm64"
+ use: buildx
+ build_flag_templates:
+ - "--pull"
+ - "--platform=linux/arm64"
+ extra_files:
+ - "archivista.graphql"
+ - "ent.graphql"
+ - "ent.resolvers.go"
+ - "entrypoint.sh"
+ - "gen.go"
+ - "generated.go"
+ - "go.mod"
+ - "go.sum"
+ - "resolver.go"
+ - "docs"
+ - "ent"
+ - "cmd"
+ - "ent"
+ - "pkg"
+ goarch: arm64
+docker_manifests:
+ - name_template: "ghcr.io/in-toto/archivista:{{ .Version }}"
+ image_templates:
+ - "ghcr.io/in-toto/archivista:{{ .Version }}-amd64"
+ - "ghcr.io/in-toto/archivista:{{ .Version }}-arm64"
 kos:
- - repository: ghcr.io/in-toto/archivista
- id: archivista
- build: archivista
- tags:
- - '{{.Version}}'
- bare: true
- preserve_import_paths: false
- creation_time: '{{.CommitTimestamp}}'
- platforms:
- - linux/amd64
- - linux/arm64
 - repository: ghcr.io/in-toto/archivistactl
 id: archivistactl
 build: archivistactl
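Review bot: The new `dockers` entries pass only `--pull` and `--platform=…` in `build_flag_templates`, so nothing in the image metadata ties it to the commit it was built from, where the removed ko block at least set `creation_time: '{{.CommitTimestamp}}'`. Consider adding OCI labels to both entries, e.g. `- "--label=org.opencontainers.image.revision={{ .FullCommit }}"` and `- "--label=org.opencontainers.image.version={{ .Version }}"`, so a pulled image can be matched to its source and to the attestation recorded for the build step. As a matter of style, `"ent"` appears twice in each `extra_files` list, and the amd64 entry leaves `goarch` implicit while the arm64 entry sets `goarch: arm64`; dropping the duplicate and adding `goarch: amd64` would make the two entries parallel.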