From e3cc3691b1a6bba76b0aaa14befc3cda675cccdc Mon Sep 17 00:00:00 2001 From: Jimmi Dyson Date: Wed, 22 Feb 2023 10:24:53 +0000 Subject: [PATCH] feat: Use ghcr.io instead of docker hub for images --- .github/workflows/checks-macos.yml | 45 ------------------------ .github/workflows/checks.yml | 6 ++-- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/release-main.yaml | 16 ++++++--- .go-tools | 4 +-- .golangci.yml | 1 - .goreleaser.yml | 14 ++++---- .tool-versions | 10 +++--- make/all.mk | 1 - make/ci.mk | 50 --------------------------- make/docker.mk | 10 +++--- make/go.mk | 10 +++--- make/goreleaser.mk | 6 ++-- make/tools.mk | 22 ++++++++---- 14 files changed, 58 insertions(+), 139 deletions(-) delete mode 100644 .github/workflows/checks-macos.yml delete mode 100644 make/ci.mk diff --git a/.github/workflows/checks-macos.yml b/.github/workflows/checks-macos.yml deleted file mode 100644 index 5d61b8b..0000000 --- a/.github/workflows/checks-macos.yml +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright 2022 D2iQ, Inc. All rights reserved. -# SPDX-License-Identifier: Apache-2.0 - -name: build-on-macos - -on: - push: - branches: - - main - pull_request: - types: - - opened - - synchronize - - reopened - branches: - - main - -permissions: - contents: read - -jobs: - build-and-run: - runs-on: macos-latest - steps: - - uses: ConorMacBride/install-package@v1 - with: - brew: bash coreutils findutils - - - name: Check out code - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Install tools via asdf - uses: asdf-vm/actions/install@v1 - - - name: Build - run: make release-snapshot - env: - GORELEASER_FLAGS: --skip-docker - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Run binary - run: | - ./dist/toml-merge_darwin_amd64_v1/toml-merge version diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 2903b0a..2a803f9 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml 
@@ -26,7 +26,7 @@ jobs: uses: actions/checkout@v3 - name: Install asdf - uses: asdf-vm/actions/setup@v1 + uses: asdf-vm/actions/setup@master - name: Run unit tests run: make test @@ -44,7 +44,7 @@ jobs: uses: actions/checkout@v3 - name: Install asdf - uses: asdf-vm/actions/setup@v1 + uses: asdf-vm/actions/setup@master - name: Run e2e tests run: make e2e-test @@ -80,7 +80,7 @@ jobs: uses: actions/checkout@v3 - name: Install asdf - uses: asdf-vm/actions/setup@v1 + uses: asdf-vm/actions/setup@master - uses: pre-commit/action@v3.0.0 with: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d7ff648..5000bbb 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -31,7 +31,7 @@ jobs: languages: ${{ matrix.language }} - name: Install tools via asdf - uses: asdf-vm/actions/install@v1 + uses: asdf-vm/actions/setup@master - name: Build run: make build-snapshot diff --git a/.github/workflows/release-main.yaml b/.github/workflows/release-main.yaml index 279a79d..9883ac5 100644 --- a/.github/workflows/release-main.yaml +++ b/.github/workflows/release-main.yaml @@ -8,11 +8,16 @@ on: branches: - main +permissions: + contents: write + packages: write + pull-requests: write + jobs: release-please: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - - uses: google-github-actions/release-please-action@v3.5 + - uses: google-github-actions/release-please-action@v3.7 id: release-please with: release-type: go @@ -30,11 +35,12 @@ jobs: uses: asdf-vm/actions/install@v1 - if: ${{ steps.release-please.outputs.release_created }} - name: Login to Docker Hub + name: Login to GitHub Container Registry uses: docker/login-action@v2 with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - if: ${{ steps.release-please.outputs.release_created }} name: Release 
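Review bot: `uses: asdf-vm/actions/setup@master` in the unit-test job tracks a moving branch, so whatever lands on that branch runs in this workflow with no change in this repository; the previous `@v1` was at least a release tag. The same line is introduced in the e2e and pre-commit hunks of this file and in `.github/workflows/codeql-analysis.yml`. Pin the action to a full commit SHA with the release noted in a trailing comment, e.g. `uses: asdf-vm/actions/setup@<commit-sha> # <release tag>`, and let dependency-update tooling move the pin. In the CodeQL workflow the step is still named `Install tools via asdf` although `setup` now replaces `install`; presumably the make targets install the tools, in which case the step name should say so.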
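Review bot: The new top-level `permissions:` block in `release-main.yaml` grants `contents: write`, `packages: write` and `pull-requests: write` to every job in the workflow, including any job added later. Only `release-please` is visible here, so moving the block under that job (`jobs.release-please.permissions`) keeps today's behaviour while scoping the write token to the job that needs it. The actions in that job are referenced by tag (`release-please-action@v3.7`, and `docker/login-action@v2` in the next hunk) and now run alongside a package-write token; pinning them to commit SHAs would match that privilege level.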
diff --git a/.go-tools b/.go-tools index a317ffc..62a4e99 100644 --- a/.go-tools +++ b/.go-tools @@ -1,4 +1,4 @@ github.com/oligot/go-mod-upgrade@v0.9.1 -gotest.tools/gotestsum@v1.8.2 github.com/segmentio/golines@v0.11.0 -github.com/containers/skopeo/cmd/skopeo@v1.10.0 # FREEZE +gotest.tools/gotestsum@v1.9.0 +github.com/google/go-containerregistry/cmd/crane@v0.13.0 diff --git a/.golangci.yml b/.golangci.yml index bda2f07..b955d1e 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -3,7 +3,6 @@ run: timeout: 5m - go: '1.17' build-tags: - e2e diff --git a/.goreleaser.yml b/.goreleaser.yml index 7b00707..5be1b2a 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -61,12 +61,12 @@ dockers: - image_templates: # Specify the image tag including `-amd64` suffix if the build is not a snapshot build or is not being built on # arm64 machine. This allows for using the snapshot image build without the archtecture specific suffix - # consistently on local machines, i.e. can always use `mesosphere/toml-merge:v` on the machine the snapshot + # consistently on local machines, i.e. can always use `ghcr.io/mesosphere/toml-merge:v` on the machine the snapshot # is built on. # # For a release build the `-amd64` suffix will always be included and the `docker_manifests` specification below # will create the final multiplatform manifest to be pushed to the registry. - - 'mesosphere/toml-merge:v{{trimprefix .Version "v"}}{{ if or (not .IsSnapshot) (not (eq .Runtime.Goarch "amd64")) }}-amd64{{ end }}' + - 'ghcr.io/mesosphere/toml-merge:v{{trimprefix .Version "v"}}{{ if or (not .IsSnapshot) (not (eq .Runtime.Goarch "amd64")) }}-amd64{{ end }}' use: buildx dockerfile: Dockerfile build_flag_templates: 
@@ -80,12 +80,12 @@ dockers: - image_templates: # Specify the image tag including `-amd64v8` suffix if the build is not a snapshot build or is not being built on # arm64 machine. This allows for using the snapshot image build without the archtecture specific suffix - # consistently on local machines, i.e. can always use `mesosphere/toml-merge:v` on the machine the snapshot + # consistently on local machines, i.e. can always use `ghcr.io/mesosphere/toml-merge:v` on the machine the snapshot # is built on. # # For a release build the `-amd64v8` suffix will always be included and the `docker_manifests` specification below # will create the final multiplatform manifest to be pushed to the registry. - - 'mesosphere/toml-merge:v{{trimprefix .Version "v"}}{{ if or (not .IsSnapshot) (not (eq .Runtime.Goarch "arm64")) }}-arm64v8{{ end }}' + - 'ghcr.io/mesosphere/toml-merge:v{{trimprefix .Version "v"}}{{ if or (not .IsSnapshot) (not (eq .Runtime.Goarch "arm64")) }}-arm64v8{{ end }}' use: buildx goarch: arm64 dockerfile: Dockerfile @@ -98,10 +98,10 @@ dockers: - "--label=org.opencontainers.image.version={{.Version}}" - "--label=org.opencontainers.image.source={{.GitURL}}" docker_manifests: - - name_template: mesosphere/toml-merge:v{{trimprefix .Version "v"}} + - name_template: ghcr.io/mesosphere/toml-merge:v{{trimprefix .Version "v"}} image_templates: - - mesosphere/toml-merge:v{{trimprefix .Version "v"}}-amd64 - - mesosphere/toml-merge:v{{trimprefix .Version "v"}}-arm64v8 + - ghcr.io/mesosphere/toml-merge:v{{trimprefix .Version "v"}}-amd64 + - ghcr.io/mesosphere/toml-merge:v{{trimprefix .Version "v"}}-arm64v8 checksum: name_template: 'checksums.txt' snapshot: diff --git a/.tool-versions b/.tool-versions index 57bb28d..c6cd5e1 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,5 +1,5 @@ -golangci-lint 1.50.1 -goreleaser 1.12.3 -golang 1.19.2 -pre-commit 2.20.0 -ginkgo 2.4.0 +ginkgo 2.8.3 +golangci-lint 1.51.2 +goreleaser 1.15.2 +golang 1.20.1 +pre-commit 3.0.4 
diff --git a/make/all.mk b/make/all.mk
index 6a62e69..232f4dc 100644
--- a/make/all.mk
+++ b/make/all.mk
@@ -13,5 +13,4 @@ include $(INCLUDE_DIR)pre-commit.mk
 include $(INCLUDE_DIR)go.mk
 include $(INCLUDE_DIR)goreleaser.mk
 include $(INCLUDE_DIR)docker.mk
-include $(INCLUDE_DIR)ci.mk
 include $(INCLUDE_DIR)tag.mk
diff --git a/make/ci.mk b/make/ci.mk
deleted file mode 100644
index f26b89a..0000000
--- a/make/ci.mk
+++ /dev/null
@@ -1,50 +0,0 @@ -# Copyright 2022 D2iQ, Inc. All rights reserved. -# SPDX-License-Identifier: Apache-2.0 - -CI_DOCKERFILE ?= $(REPO_ROOT)/Dockerfile.ci - -ifneq ($(wildcard $(CI_DOCKERFILE)),) -CI_DOCKER_TAG ?= $(shell (cat $(CI_DOCKERFILE) \ - $(if $(CI_DOCKER_BUILD_ARGS),&& echo $(CI_DOCKER_BUILD_ARGS))) \ - | shasum | awk '{ print $$1 }') -CI_DOCKER_IMG ?= $(GITHUB_ORG)/$(GITHUB_REPOSITORY)-ci:$(CI_DOCKER_TAG) - -.PHONY: ci.docker.ensure -ci.docker.ensure: ## Ensures the docker image is locally available -ci.docker.ensure: dockerauth ; $(info $(M) Ensuring CI Docker image is available locally) - (docker image inspect $(CI_DOCKER_IMG) &>/dev/null && echo '$(CI_DOCKER_IMG) already exists - skipping image build' ) || \ - docker pull $(CI_DOCKER_IMG) || \ - $(MAKE) ci.docker.build - -.PHONY: ci.docker.build -ci.docker.build: ## Builds the CI Docker image -ci.docker.build: dockerauth ; $(info $(M) Building CI Docker image) - DOCKER_BUILDKIT=1 docker build \ - --tag $(CI_DOCKER_IMG) \ - $(if $(CI_DOCKER_BUILD_ARGS),$(addprefix --build-arg ,$(CI_DOCKER_BUILD_ARGS))) \ - -f $(CI_DOCKERFILE) . - -.PHONY: ci.docker.push -ci.docker.push: ## Pushes the CI Docker image -ci.docker.push: ci.docker.ensure ; $(info $(M) Pushes the CI Docker image) - docker push $(CI_DOCKER_IMG) - -.PHONY: ci.docker.run -ci.docker.run: ## Runs the build in the CI Docker image. 
-ci.docker.run: RUN_WHAT ?= -ci.docker.run: ci.docker.ensure ; $(info $(M) Runs the build in the CI Docker image) - @docker run --rm -i$(if $(RUN_WHAT),,$(if $(INTERACTIVE),t)) \ - -u $(shell id -u):$(shell id -g) \ - -v $(REPO_ROOT):$(REPO_ROOT) \ - -w $(REPO_ROOT) \ - -v /var/run/docker.sock:/var/run/docker.sock \ - -v /etc/docker/certs.d:/etc/docker/certs.d \ - $(if $(DOCKER_USERNAME),-e DOCKER_USERNAME=$(DOCKER_USERNAME)) \ - $(if $(DOCKER_PASSWORD),-e DOCKER_PASSWORD=$(DOCKER_PASSWORD)) \ - $(if $(SSH_AUTH_SOCK),-v $(SSH_AUTH_SOCK):$(SSH_AUTH_SOCK) -e SSH_AUTH_SOCK=$(SSH_AUTH_SOCK)) \ - $(if $(GITHUB_USER_TOKEN),-e GITHUB_USER_TOKEN=$(GITHUB_USER_TOKEN) -e GITHUB_TOKEN=$(GITHUB_USER_TOKEN),$(if $(GITHUB_TOKEN),-e GITHUB_TOKEN=$(GITHUB_TOKEN))) \ - --net=host \ - $(CI_DOCKER_IMG) \ - $(RUN_WHAT) - -endif diff --git a/make/docker.mk b/make/docker.mk index e03ef62..273db10 100644 --- a/make/docker.mk +++ b/make/docker.mk 
@@ -10,10 +10,10 @@ endif endif .PHONY: update-distroless-base-image -update-distroless-base-image: install-tool.gcloud install-tool.gojq install-tool.go.skopeo; $(info $(M) updating distroless base image) +update-distroless-base-image: install-tool.gcloud install-tool.gojq install-tool.go.crane; $(info $(M) updating distroless base image) LATEST_DISTROLESS_NONROOT_DIGEST="$$(gcloud container images list-tags gcr.io/distroless/static --format=json | gojq -r '.[] | select(.tags | index("nonroot")) | .digest')"; \ - DISTROLESS_AMD64_DIGEST="$$(skopeo inspect --raw docker://gcr.io/distroless/static@$${LATEST_DISTROLESS_NONROOT_DIGEST} | gojq -r '.manifests[] | select(.platform.os == "linux" and .platform.architecture == "amd64").digest')"; \ - DISTROLESS_ARM64_DIGEST="$$(skopeo inspect --raw docker://gcr.io/distroless/static@$${LATEST_DISTROLESS_NONROOT_DIGEST} | gojq -r '.manifests[] | select(.platform.os == "linux" and .platform.architecture == "arm64").digest')"; \ - sed -i -e "s|^\(FROM --platform=linux/amd64 \).\+$$|\1gcr.io/distroless/static@$${DISTROLESS_AMD64_DIGEST} as linux-amd64|" \ - -e "s|^\(FROM --platform=linux/arm64 \).\+$$|\1gcr.io/distroless/static@$${DISTROLESS_ARM64_DIGEST} as linux-arm64|" \ + DISTROLESS_AMD64_DIGEST="$$(crane manifest gcr.io/distroless/static@$${LATEST_DISTROLESS_NONROOT_DIGEST} | gojq -r '.manifests[] | select(.platform.os == "linux" and .platform.architecture == "amd64").digest')"; \ + DISTROLESS_ARM64_DIGEST="$$(crane manifest gcr.io/distroless/static@$${LATEST_DISTROLESS_NONROOT_DIGEST} | gojq -r '.manifests[] | select(.platform.os == "linux" and .platform.architecture == "arm64").digest')"; \ + sed -i -e "s|^\(FROM --platform=linux/amd64 gcr.io/distroless/static@\).\+$$|\1$${DISTROLESS_AMD64_DIGEST} as linux-amd64|" \ + -e "s|^\(FROM --platform=linux/arm64 gcr.io/distroless/static@\).\+$$|\1$${DISTROLESS_ARM64_DIGEST} as linux-arm64|" \ Dockerfile diff --git a/make/go.mk b/make/go.mk index 285307d..4138b74 100644 
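Review bot: Neither digest is checked before `sed -i` rewrites the `FROM` lines in `update-distroless-base-image`, and the recipe chains its steps with `;`. Unless `SHELL`/`.SHELLFLAGS` elsewhere enable errexit and pipefail, a failed `gcloud`, `crane manifest` or `gojq` call (or a `nonroot` selector that matches nothing) leaves the variable empty and the Dockerfile ends up with `gcr.io/distroless/static@ as linux-amd64`. Since this target is what moves the pinned base image, add a guard before the `sed`: `[ -n "$${DISTROLESS_AMD64_DIGEST}" ] && [ -n "$${DISTROLESS_ARM64_DIGEST}" ] || { echo "failed to resolve distroless digests" >&2; exit 1; }; \`. A stricter variant would also require each value to start with `sha256:`.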
--- a/make/go.mk +++ b/make/go.mk @@ -3,7 +3,7 @@ # The GOPRIVATE environment variable controls which modules the go command considers # to be private (not available publicly) and should therefore not use the proxy or checksum database -export GOPRIVATE ?= github.com/mesosphere +export GOPRIVATE ?= ALL_GO_SUBMODULES := $(shell PATH='$(PATH)'; find -mindepth 2 -maxdepth 2 -name go.mod -printf '%P\n' | sort) GO_SUBMODULES_NO_TOOLS := $(filter-out $(addsuffix /go.mod,tools),$(ALL_GO_SUBMODULES)) @@ -69,7 +69,7 @@ endif .PHONY: bench.% bench.%: ## Runs go benchmarks for a specific module -bench.%:; $(info $(M) running benchmarks$(if $(GOTEST_RUN), matching "$(GOTEST_RUN)") for $* module) +bench.%: ; $(info $(M) running benchmarks$(if $(GOTEST_RUN), matching "$(GOTEST_RUN)") for $* module) $(if $(filter-out root,$*),cd $* && )go test $(if $(GOTEST_RUN),-run "$(GOTEST_RUN)") -race -cover -v ./... E2E_PARALLEL_NODES ?= $(shell nproc --ignore=1) @@ -82,7 +82,7 @@ e2e-test: install-tool.golang install-tool.ginkgo build-snapshot ginkgo run \ --r \ --race \ - --progress \ + --show-node-events \ --trace \ --randomize-all \ --randomize-suites \ @@ -156,9 +156,9 @@ go-clean.%: install-tool.golang; $(info $(M) running go clean for $* module) .PHONY: go-generate go-generate: ## Runs go generate go-generate: install-tool.golang ; $(info $(M) running go generate) - go generate ./... + go generate -x ./... .PHONY: go-mod-upgrade go-mod-upgrade: ## Interactive check for direct module dependency upgrades -go-mod-upgrade: install-tool.golang ; $(info $(M) checking for direct module dependency upgrades) +go-mod-upgrade: install-tool.go.go-mod-upgrade; $(info $(M) checking for direct module dependency upgrades) go-mod-upgrade diff --git a/make/goreleaser.mk b/make/goreleaser.mk index 1ad6945..7a13595 100644 --- a/make/goreleaser.mk +++ b/make/goreleaser.mk 
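Review bot: The comment above `export GOPRIVATE ?=` still only explains what the variable does, not why the default is now empty. A line such as `# Empty by default: all modules, including github.com/mesosphere ones, go through the module proxy and checksum database unless the caller sets GOPRIVATE.` would record the intent. That wording assumes `GONOPROXY`/`GONOSUMDB` are not set elsewhere, which is not visible from this hunk.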
@@ -14,7 +14,7 @@ build-snapshot: dockerauth install-tool.goreleaser ; $(info $(M) building snapsh goreleaser --debug=$(GORELEASER_DEBUG) \ build \ --snapshot \ - --rm-dist \ + --clean \ --parallelism=$(GORELEASER_PARALLELISM) \ --single-target \ --skip-post-hooks @@ -24,7 +24,7 @@ release: ## Builds a release with goreleaser release: dockerauth install-tool.goreleaser ; $(info $(M) building release $*) goreleaser --debug=$(GORELEASER_DEBUG) \ release \ - --rm-dist \ + --clean \ --parallelism=$(GORELEASER_PARALLELISM) \ $(GORELEASER_FLAGS) @@ -35,6 +35,6 @@ release-snapshot: dockerauth install-tool.goreleaser ; $(info $(M) building snap release \ --snapshot \ --skip-publish \ - --rm-dist \ + --clean \ --parallelism=$(GORELEASER_PARALLELISM) \ $(GORELEASER_FLAGS) diff --git a/make/tools.mk b/make/tools.mk index 2de97b1..6a9adc8 100644 --- a/make/tools.mk +++ b/make/tools.mk @@ -13,7 +13,7 @@ export PATH := $(GOBIN):$(PATH) ifneq ($(wildcard $(GO_TOOLS_FILE)),) define install_go_tool mkdir -p $(GOBIN) - CGO_ENABLED=0 go install -tags containers_image_openpgp -v $$(grep -Eo '^.+$1[^ \t]*' $(GO_TOOLS_FILE)) + CGO_ENABLED=0 go install -v $$(grep -Eo '^.+$1[^ ]+' $(GO_TOOLS_FILE)) endef .PHONY: 
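Review bot: In `install_go_tool` (make/tools.mk), the tool name `$1` is spliced into an unanchored ERE, `'^.+$1[^ ]+'`, so any `.go-tools` line that merely contains the name somewhere in its path is handed to `go install`, and the new `[^ ]+` no longer stops at a tab. Matching the final path element exactly makes the choice of what gets installed unambiguous: `CGO_ENABLED=0 go install -v $$(grep -Eo '^[^[:space:]]+/$1@[^[:space:]]+' $(GO_TOOLS_FILE))`. All four entries in the `.go-tools` hunk of this patch have the `…/<name>@<version>` shape. The callers of `install_go_tool` are outside this hunk, so confirm that they pass the bare binary name.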
@@ -80,8 +80,18 @@ upgrade-tools: upgrade-go-tools; $(info $(M) upgrading all tools to latest avail upgrade-go-tools: ## Upgrades all go tools to latest available versions upgrade-go-tools: install-tool.golang; $(info $(M) upgrading all go tools to latest available versions) grep -v '# FREEZE' .go-tools | \ - grep -Eo '^[^#]\S+' | \ - sed 's/@.\+$$/@latest/' | \ - xargs -I {} bash -ec '\ - export LATEST_VERSION=$$(go list -m {}) && \ - sed -i "s|$${LATEST_VERSION%% *}@.\+$$|$${LATEST_VERSION/ /@}|" .go-tools' + grep -Eo '^[^#][^@]+' | \ + xargs -I {} bash -ec ' \ + original_module_path={}; \ + module_path={}; \ + while [ "$${module_path}" != "." ]; do \ + LATEST_VERSION=$$(go list -m $${module_path}@latest 2>/dev/null || echo ""); \ + if [ -n "$${LATEST_VERSION}" ]; then \ + sed -i "s|$${original_module_path}@.\+$$|$${original_module_path}@$${LATEST_VERSION#* }|" .go-tools; \ + exit; \ + else \ + module_path=$$(dirname $${module_path}); \ + fi; \ + done; \ + echo "Failed to find latest module version for $${original_module_path}"; \ + exit 1'
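Review bot: `xargs -I {}` substitutes each `.go-tools` entry straight into the text of the `bash -ec` script (`original_module_path={}; module_path={};`), so the entry is parsed as shell syntax rather than data and a line containing `;`, a quote or `$(…)` changes what the script does. Pass it as a positional parameter instead: start the script with `original_module_path="$$1"; module_path="$$1"; \` and end it with `exit 1' _ {}`. Two smaller points in the same recipe: `2>/dev/null || echo ""` hides why `go list -m` failed, so a proxy or network error is reported as "Failed to find latest module version"; and `$${original_module_path}` is used unescaped as a sed pattern, where `.` matches any character.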