-
Notifications
You must be signed in to change notification settings - Fork 211
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: build and publish kubectl-retina image (#991)
# Description This changes allow the CI and release pipeline to build and publish kubectl-retina images ## Related Issue If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request. ## Checklist - [ ] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [ ] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [ ] I have correctly attributed the author(s) of the code. - [ ] I have tested the changes locally. - [ ] I have followed the project's style guidelines. - [ ] I have updated the documentation, if necessary. - [ ] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed - build image: ![image](https://github.com/user-attachments/assets/20142d9d-25b7-488b-818c-a085bb7de903) - image build succeeded - ![image](https://github.com/user-attachments/assets/96fedc8e-ab9b-47ca-b218-62c967c2de66) - create manifest ![image](https://github.com/user-attachments/assets/0c03b4e1-031d-4506-b563-ff4f45f0f3eb) ## Additional Notes Add any additional notes or context about the pull request here. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. --------- Signed-off-by: Qingchuan Hao <[email protected]>
- Loading branch information
Showing
6 changed files
with
170 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -193,14 +193,64 @@ jobs: | |
DIGEST=$(jq -r '.["containerimage.digest"]' image-metadata-retina-shell-$TAG-${{ matrix.platform }}-${{ matrix.arch }}.json) | ||
cosign sign --yes ${IMAGE_PATH}@${DIGEST} | ||
kubectl-retina-images: | ||
name: Build Kubectl Retina Images | ||
runs-on: ubuntu-latest | ||
|
||
strategy: | ||
matrix: | ||
platform: ["linux"] | ||
arch: ["amd64", "arm64"] | ||
|
||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- uses: actions/setup-go@v5 | ||
with: | ||
go-version-file: go.mod | ||
- run: go version | ||
|
||
- name: Install Cosign | ||
uses: sigstore/[email protected] | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Log in to registry | ||
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | ||
|
||
- name: Build/Push Images | ||
shell: bash | ||
run: | | ||
set -euo pipefail | ||
echo "TAG=$(make version)" >> $GITHUB_ENV | ||
make kubectl-retina-image \ | ||
IMAGE_NAMESPACE=${{ github.repository }} \ | ||
PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \ | ||
BUILDX_ACTION=--push | ||
- name: Sign container image | ||
run: | | ||
IMAGE_PATH="ghcr.io/${{ github.repository }}/kubectl-retina:$TAG-${{ matrix.platform }}-${{ matrix.arch }}" | ||
DIGEST=$(jq -r '.["containerimage.digest"]' image-metadata-kubectl-retina-$TAG-${{ matrix.platform }}-${{ matrix.arch }}.json) | ||
cosign sign --yes ${IMAGE_PATH}@${DIGEST} | ||
manifests: | ||
name: Generate Manifests | ||
runs-on: ubuntu-latest | ||
needs: [retina-images, retina-win-images, operator-images, retina-shell-images] | ||
needs: | ||
[ | ||
retina-images, | ||
retina-win-images, | ||
operator-images, | ||
retina-shell-images, | ||
kubectl-retina-images, | ||
] | ||
|
||
strategy: | ||
matrix: | ||
component: ["retina", "operator", "shell"] | ||
component: ["retina", "operator", "shell", "kubectl-retina"] | ||
|
||
steps: | ||
- name: Checkout code | ||
|
@@ -231,6 +281,8 @@ jobs: | |
images=("retina-operator") | ||
elif [[ ${{ matrix.component }} == "shell" ]]; then | ||
images=("retina-shell") | ||
elif [[ ${{ matrix.component }} == "kubectl-retina" ]]; then | ||
images=("kubectl-retina") | ||
fi | ||
for image in "${images[@]}"; do | ||
IMAGE_PATH="ghcr.io/${{ github.repository }}/$image:$TAG" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# mcr.microsoft.com/oss/go/microsoft/golang:1.23.1-cbl-mariner2.0 | ||
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/oss/go/microsoft/golang@sha256:8ac5373de7fde69d08c52e4a1ba40e976a543b3e93196f7fe07c3f91853865f3 AS builder | ||
|
||
|
||
ARG VERSION | ||
ARG APP_INSIGHTS_ID | ||
|
||
WORKDIR /workspace | ||
COPY . . | ||
|
||
# Default linux/architecture. | ||
ARG GOOS=linux | ||
ENV GOOS=${GOOS} | ||
|
||
ARG GOARCH=amd64 | ||
ENV GOARCH=${GOARCH} | ||
|
||
RUN --mount=type=cache,target="/root/.cache/go-build" \ | ||
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \ | ||
-ldflags "-X github.com/microsoft/retina/internal/buildinfo.Version="$VERSION" \ | ||
-X "github.com/microsoft/retina/internal/buildinfo.ApplicationInsightsID"="$APP_INSIGHTS_ID"" \ | ||
-a -o kubectl-retina cli/main.go | ||
|
||
# mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 | ||
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/cbl-mariner/distroless/minimal@sha256:db87903c5d4d9d6760e86a274914efd6a3bb5914c0b5a6c6b35350ec297fea4f | ||
WORKDIR / | ||
COPY --from=builder /workspace/kubectl-retina . | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters