Spectro CICD

spectrocloud · Jun 4, 2023 · 4899c4f · 4899c4f
1 parent 02bb55c
commit 4899c4f
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 7 deletions.
diff --git a/.github/workflows/spectro-release.yaml b/.github/workflows/spectro-release.yaml
@@ -0,0 +1,68 @@
+name: Spectro Release
+run-name: Release for Cluster API  AWS ${{ github.event.inputs.release_version }}
+on:
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: 'Cluster API Version to Build'
+        required: true
+        default: '0.0.0'
+jobs:
+  builder:
+    # edge-runner machine group is a bunch of machines in US Datacenter
+    runs-on: ubuntu-latest
+    # Initialize all secrets required for the job
+    # Ensure that the credentials are provided as encrypted secrets
+    env:
+      SPECTRO_VERSION: ${{ github.event.inputs.release_version }}
+    steps:
+      -
+        uses: mukunku/[email protected]
+        id: checkTag
+        with:
+          tag: spectro-v${{ github.event.inputs.release_version }}
+      -
+        if: ${{ steps.checkTag.outputs.exists == 'true' }}
+        run: |
+          echo "Tag already exists for spectro-v${{ github.event.inputs.release_version }}..."
+          exit 1
+      -
+        uses: actions/checkout@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to private registry
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ secrets.REGISTRY_URL }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+      -
+        name: Build Image
+        env:
+          DEV_REGISTRY: gcr.io/spectro-images-public/release/cluster-api-aws
+        run: |
+          make docker-build-all
+          make docker-push-all
+      -
+        name: Build Image - FIPS Mode
+        env:
+          FIPS_ENABLE: yes
+          DEV_REGISTRY: gcr.io/spectro-images-public/release-fips/cluster-api-aws
+        run: |
+          make docker-build
+          make docker-push-gcr
+      -
+        name: Create Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: spectro-v${{ github.event.inputs.release_version }}
+          release_name: Release spectro-v${{ github.event.inputs.release_version }}
+          body: |
+            Release version ${{ github.event.inputs.release_version }}
+          draft: false
+          prerelease: false
diff --git a/Dockerfile b/Dockerfile
@@ -21,6 +21,10 @@ FROM golang:1.19.8 as toolchain
 ARG goproxy=https://proxy.golang.org
 ENV GOPROXY=$goproxy
 
+# FIPS
+ARG CRYPTO_LIB
+ENV GOEXPERIMENT=${CRYPTO_LIB:+boringcrypto}
+
 FROM toolchain as builder
 WORKDIR /workspace
 

diff --git a/Makefile b/Makefile
@@ -81,7 +81,6 @@ STAGING_REGISTRY ?= gcr.io/spectro-dev-public/cluster-api-aws
 STAGING_BUCKET ?= artifacts.k8s-staging-cluster-api-aws.appspot.com
 BUCKET ?= $(STAGING_BUCKET)
 PROD_REGISTRY := registry.k8s.io/cluster-api-aws
-REGISTRY ?= gcr.io/spectro-dev-public/amit/cluster-api-aws
 RELEASE_TAG ?= $(shell git describe --abbrev=0 2>/dev/null)
 PULL_BASE_REF ?= $(RELEASE_TAG) # PULL_BASE_REF will be provided by Prow
 RELEASE_ALIAS_TAG ?= $(PULL_BASE_REF)
@@ -92,10 +91,21 @@ BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
 # image name used to build the cmd/clusterawsadm
 TOOLCHAIN_IMAGE := toolchain
 
-TAG ?= spectro-v1.5.2-$(shell date +%Y%m%d)
-#ARCH ?= $(shell go env GOARCH)
+# Fips Flags
+FIPS_ENABLE ?= ""
+
+RELEASE_LOC := release
+ifeq ($(FIPS_ENABLE),yes)
+  RELEASE_LOC := release-fips
+endif
+
+SPECTRO_VERSION ?= 4.0.0-dev
+TAG ?= v1.5.2-spectro-${SPECTRO_VERSION}
 ARCH ?= amd64
-ALL_ARCH ?= amd64 arm arm64 ppc64le s390x
+# ALL_ARCH = amd64 arm arm64 ppc64le s390x
+ALL_ARCH = amd64 
+
+REGISTRY ?= gcr.io/spectro-dev-public/$(USER)/${RELEASE_LOC}
 
 # main controller
 CORE_IMAGE_NAME ?= cluster-api-aws-controller
@@ -344,8 +354,8 @@ clusterawsadm: ## Build clusterawsadm binary
 
 .PHONY: docker-build
 docker-build: docker-pull-prerequisites ## Build the docker image for controller-manager
-	docker build --build-arg ARCH=$(ARCH) --build-arg LDFLAGS="$(LDFLAGS)" . -t $(CORE_CONTROLLER_IMG):$(TAG)
-	@echo $(CORE_CONTROLLER_IMG):$(TAG)
+	docker build  --build-arg CRYPTO_LIB=${FIPS_ENABLE} --build-arg ARCH=$(ARCH) --build-arg LDFLAGS="$(LDFLAGS)" . -t $(CORE_CONTROLLER_IMG)-$(ARCH):$(TAG)
+	@echo $(CORE_CONTROLLER_IMG)-$(ARCH):$(TAG)
 
 .PHONY: docker-build-all ## Build all the architecture docker images
 docker-build-all: $(addprefix docker-build-,$(ALL_ARCH))
@@ -488,7 +498,7 @@ compiled-manifest: $(RELEASE_DIR) $(KUSTOMIZE) ## Compile the manifest files
 
 .PHONY: docker-push
 docker-push: ## Push the docker image
-	docker push $(CORE_CONTROLLER_IMG):$(TAG)
+	docker push $(CORE_CONTROLLER_IMG)-$(ARCH):$(TAG)
 
 .PHONY: docker-push-all ## Push all the architecture docker images
 docker-push-all: $(addprefix docker-push-,$(ALL_ARCH))