move docker release into separate release workflow (#862)

Christopher Angelo Phillips 2022-08-03 09:10:40 -04:00 committed by GitHub
parent 5cb0bf742b
commit 6810fa5809
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 187 additions and 103 deletions


@ -94,10 +94,8 @@ jobs:
release:
needs: [quality-gate]
# due to our code signing process, it's vital that we run our release steps on macOS
runs-on: macos-latest
runs-on: ubuntu-latest
steps:
- uses: docker-practice/actions-setup-docker@v1
- uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
@ -130,11 +128,6 @@ jobs:
- name: Build & publish release artifacts
run: make release
env:
GHCR_USERNAME: ${{ github.actor }}
GHCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
DOCKER_USERNAME: ${{ secrets.TOOLBOX_DOCKER_USER }}
DOCKER_PASSWORD: ${{ secrets.TOOLBOX_DOCKER_PASS }}
# we use a different token than GITHUB_SECRETS to additionally allow updating the homebrew repos
GITHUB_TOKEN: ${{ secrets.ANCHORE_GIT_READ_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }}
@ -164,3 +157,44 @@ jobs:
with:
name: artifacts
path: dist/**/*
release-docker-assets:
needs: [release]
# code signing requires we run on mac-os runners. docker does not come installed on the mac-os runner
# a previous release process installed and configured docker on the mac-os runner which lead to blocked releases
# the anchore tools team opted to break this step out to a separate process to remove this work constraint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.TOOLBOX_DOCKER_USER }}
password: ${{ secrets.TOOLBOX_DOCKER_PASS }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Restore go cache
id: go-cache
uses: actions/cache@v2.1.3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-${{ env.GO_VERSION }}-
- name: (cache-miss) Bootstrap all project dependencies
if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true'
run: make bootstrap
- name: Build & Publish docker images
run: make release-docker-assets
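Review bot: The new `release-docker-assets` job logs in to Docker Hub and GHCR but sets no job-level `permissions:` and references every action by a mutable tag (`actions/checkout@v2`, `docker/login-action@v2`, `actions/cache@v2.1.3`), so a retagged action would run with the registry credentials in scope. Unless the workflow already restricts the token outside this hunk, add `permissions:` with `contents: read` and `packages: write` under the job, and pin each `uses:` to a full commit SHA, e.g. `docker/login-action@<full-commit-sha> # v2`. The cache-miss step's condition also reads `steps.tool-cache.outputs.cache-hit`, but no step shown in this job has `id: tool-cache`, so the expression is always true and `make bootstrap` runs on every release. `if: steps.go-cache.outputs.cache-hit != 'true'` would match the one cache this job restores.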


@ -2,10 +2,6 @@ release:
prerelease: auto
draft: false
env:
# required to support multi architecture docker builds
- DOCKER_CLI_EXPERIMENTAL=enabled
before:
hooks:
- ./.github/scripts/apple-signing/setup.sh {{ .IsSnapshot }}
@ -91,94 +87,3 @@ brews:
homepage: *website
description: *description
license: "Apache License 2.0"
dockers:
- image_templates:
- anchore/grype:debug
- anchore/grype:{{.Tag}}-debug
- ghcr.io/anchore/grype:debug
- ghcr.io/anchore/grype:{{.Tag}}-debug
goarch: amd64
dockerfile: Dockerfile.debug
use: buildx
build_flag_templates:
- "--platform=linux/amd64"
- "--build-arg=BUILD_DATE={{.Date}}"
- "--build-arg=BUILD_VERSION={{.Version}}"
- "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}"
- image_templates:
- anchore/grype:debug-arm64v8
- anchore/grype:{{.Tag}}-debug-arm64v8
- ghcr.io/anchore/grype:debug-arm64v8
- ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
goarch: arm64
dockerfile: Dockerfile.debug
use: buildx
build_flag_templates:
- "--platform=linux/arm64/v8"
- "--build-arg=BUILD_DATE={{.Date}}"
- "--build-arg=BUILD_VERSION={{.Version}}"
- "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}"
- image_templates:
- anchore/grype:latest
- anchore/grype:{{.Tag}}
- ghcr.io/anchore/grype:latest
- ghcr.io/anchore/grype:{{.Tag}}
goarch: amd64
dockerfile: Dockerfile
use: buildx
build_flag_templates:
- "--platform=linux/amd64"
- "--build-arg=BUILD_DATE={{.Date}}"
- "--build-arg=BUILD_VERSION={{.Version}}"
- "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}"
- image_templates:
- anchore/grype:{{.Tag}}-arm64v8
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
goarch: arm64
dockerfile: Dockerfile.debug
use: buildx
build_flag_templates:
- "--platform=linux/arm64/v8"
- "--build-arg=BUILD_DATE={{.Date}}"
- "--build-arg=BUILD_VERSION={{.Version}}"
- "--build-arg=VCS_REF={{.FullCommit}}"
- "--build-arg=VCS_URL={{.GitURL}}"
docker_manifests:
- name_template: anchore/grype:latest
image_templates:
- anchore/grype:{{.Tag}}
- anchore/grype:{{.Tag}}-arm64v8
- name_template: anchore/grype:debug
image_templates:
- anchore/grype:{{.Tag}}-debug
- anchore/grype:{{.Tag}}-debug-arm64v8
- name_template: anchore/grype:{{.Tag}}
image_templates:
- anchore/grype:{{.Tag}}
- anchore/grype:{{.Tag}}-arm64v8
- name_template: ghcr.io/anchore/grype:latest
image_templates:
- ghcr.io/anchore/grype:{{.Tag}}
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
- name_template: ghcr.io/anchore/grype:debug
image_templates:
- ghcr.io/anchore/grype:{{.Tag}}-debug
- ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
- name_template: ghcr.io/anchore/grype:{{.Tag}}
image_templates:
- ghcr.io/anchore/grype:{{.Tag}}
- ghcr.io/anchore/grype:{{.Tag}}-arm64v8

120
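--- a/.goreleaser_docker.yaml
+++ b/.goreleaser_docker.yaml
@@ -0,0 +1,120 @@
+# Separate docker configuration to isolate docker dependency away from
+# mac-os runner on github actions.
+release:
+disable: true
+env:
+# required to support multi architecture docker builds
+- DOCKER_CLI_EXPERIMENTAL=enabled
+builds:
+- id: linux-build
+binary: grype
+goos:
+- linux
+goarch:
+- amd64
+- arm64
+# set the modified timestamp on the output binary to the git timestamp to ensure a reproducible build
+mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}'
+env: &build-env
+- CGO_ENABLED=0
+ldflags: &build-ldflags |
+-w
+-s
+-extldflags '-static'
+-X github.com/anchore/grype/internal/version.version={{.Version}}
+-X github.com/anchore/grype/internal/version.syftVersion={{.Env.SYFT_VERSION}}
+-X github.com/anchore/grype/internal/version.gitCommit={{.Commit}}
+-X github.com/anchore/grype/internal/version.buildDate={{.Date}}
+-X github.com/anchore/grype/internal/version.gitDescription={{.Summary}}
+dockers:
+- image_templates:
+- anchore/grype:debug
+- anchore/grype:{{.Tag}}-debug
+- ghcr.io/anchore/grype:debug
+- ghcr.io/anchore/grype:{{.Tag}}-debug
+goarch: amd64
+dockerfile: Dockerfile.debug
+use: buildx
+build_flag_templates:
+- "--platform=linux/amd64"
+- "--build-arg=BUILD_DATE={{.Date}}"
+- "--build-arg=BUILD_VERSION={{.Version}}"
+- "--build-arg=VCS_REF={{.FullCommit}}"
+- "--build-arg=VCS_URL={{.GitURL}}"
+- image_templates:
+- anchore/grype:debug-arm64v8
+- anchore/grype:{{.Tag}}-debug-arm64v8
+- ghcr.io/anchore/grype:debug-arm64v8
+- ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
+goarch: arm64
+dockerfile: Dockerfile.debug
+use: buildx
+build_flag_templates:
+- "--platform=linux/arm64/v8"
+- "--build-arg=BUILD_DATE={{.Date}}"
+- "--build-arg=BUILD_VERSION={{.Version}}"
+- "--build-arg=VCS_REF={{.FullCommit}}"
+- "--build-arg=VCS_URL={{.GitURL}}"
+- image_templates:
+- anchore/grype:latest
+- anchore/grype:{{.Tag}}
+- ghcr.io/anchore/grype:latest
+- ghcr.io/anchore/grype:{{.Tag}}
+goarch: amd64
+dockerfile: Dockerfile
+use: buildx
+build_flag_templates:
+- "--platform=linux/amd64"
+- "--build-arg=BUILD_DATE={{.Date}}"
+- "--build-arg=BUILD_VERSION={{.Version}}"
+- "--build-arg=VCS_REF={{.FullCommit}}"
+- "--build-arg=VCS_URL={{.GitURL}}"
+- image_templates:
+- anchore/grype:{{.Tag}}-arm64v8
+- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
+goarch: arm64
+dockerfile: Dockerfile
+use: buildx
+build_flag_templates:
+- "--platform=linux/arm64/v8"
+- "--build-arg=BUILD_DATE={{.Date}}"
+- "--build-arg=BUILD_VERSION={{.Version}}"
+- "--build-arg=VCS_REF={{.FullCommit}}"
+- "--build-arg=VCS_URL={{.GitURL}}"
+docker_manifests:
+- name_template: anchore/grype:latest
+image_templates:
+- anchore/grype:{{.Tag}}
+- anchore/grype:{{.Tag}}-arm64v8
+- name_template: anchore/grype:debug
+- anchore/grype:{{.Tag}}-debug
+- anchore/grype:{{.Tag}}-debug-arm64v8
+- name_template: anchore/grype:{{.Tag}}
+image_templates:
+- anchore/grype:{{.Tag}}
+- anchore/grype:{{.Tag}}-arm64v8
+- name_template: ghcr.io/anchore/grype:latest
+image_templates:
+- ghcr.io/anchore/grype:{{.Tag}}
+- ghcr.io/anchore/grype:{{.Tag}}-arm64v8
+- name_template: ghcr.io/anchore/grype:debug
+image_templates:
+- ghcr.io/anchore/grype:{{.Tag}}-debug
+- ghcr.io/anchore/grype:{{.Tag}}-debug-arm64v8
+- name_template: ghcr.io/anchore/grype:{{.Tag}}
+image_templates:
+- ghcr.io/anchore/grype:{{.Tag}}
+- ghcr.io/anchore/grype:{{.Tag}}-arm64v8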
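Review bot: In `docker_manifests`, the `anchore/grype:debug` entry as rendered here has no `image_templates:` key: `- name_template: anchore/grype:debug` is followed directly by the two image list items, whereas every other manifest entry, including `ghcr.io/anchore/grype:debug`, has the key. This page has lost indentation and blank lines, so confirm against the file itself. If the line is really absent, the Docker Hub `debug` manifest would presumably either fail to parse or be published without its per-architecture images. The fix is to insert `image_templates:` between the `name_template` line and `- anchore/grype:{{.Tag}}-debug`.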


@ -287,6 +287,31 @@ release: clean-dist CHANGELOG.md ## Build and publish final binaries and packag
# upload the version file that supports the application version update check (excluding pre-releases)
.github/scripts/update-version-file.sh "$(DISTDIR)" "$(VERSION)"
.PHONY: release-docker-assets
release-docker-assets:
$(call title,Publishing docker release assets)
# create a config with the dist dir overridden
echo "dist: $(DISTDIR)" > $(TEMPDIR)/goreleaser.yaml
cat .goreleaser_docker.yaml >> $(TEMPDIR)/goreleaser.yaml
bash -c "\
$(RELEASE_CMD) \
--config $(TEMPDIR)/goreleaser.yaml \
--parallelism 1"
snapshot-docker-assets: # Build snapshot images of docker images that will be published on release
$(call title,Building snapshot docker release assets)
# create a config with the dist dir overridden
echo "dist: $(DISTDIR)" > $(TEMPDIR)/goreleaser.yaml
cat .goreleaser_docker.yaml >> $(TEMPDIR)/goreleaser.yaml
bash -c "\
$(SNAPSHOT_CMD) \
--config $(TEMPDIR)/goreleaser.yaml \
--parallelism 1"
.PHONY: clean
clean: clean-dist clean-snapshot ## Remove previous builds and result reports
$(call safe_rm_rf_children,$(RESULTSDIR))
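Review bot: `snapshot-docker-assets` is added without a `.PHONY` declaration, unlike `release-docker-assets` just above it; add `.PHONY: snapshot-docker-assets` so a file of that name in the working tree cannot turn the target into a no-op. Its description uses a single `#` and `release-docker-assets` has none, while the neighbouring `release` and `clean` targets use `## ...`, which is presumably what the help listing reads. Suggested headers: `release-docker-assets: ## Build and publish docker images` and `snapshot-docker-assets: ## Build snapshot images of docker images that will be published on release`.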