use publish-image action
Signed-off-by: Brooks Newberry <[email protected]>
brooksn committed Sep 10, 2024
1 parent d5165cc commit da1c49e
Showing 3 changed files with 41 additions and 48 deletions.
34 changes: 8 additions & 26 deletions .github/workflows/image-push.yml
@@ -18,37 +18,19 @@ jobs:
- name: Check out code
uses: actions/checkout@v4

- name: Set the TAG value
id: get-TAG
run: |
echo "$(make -s log | grep TAG)" >> "$GITHUB_ENV"
- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: "Read secrets"
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to Container Registry
uses: docker/login-action@v3
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}

- name: Build container image
uses: docker/build-push-action@v6
- name: Build and push image
uses: rancher/ecm-distro-tools/actions/publish-image@master
with:
context: .
push: true
tags: rancher/hardened-coredns:${{ github.event.release.tag_name }}
file: Dockerfile
platforms: linux/amd64, linux/arm64
build-args: |
TAG=${{ env.TAG }}
image: hardened-coredns
tag: ${{ github.event.release.tag_name }}
public-repo: rancher
public-username: ${{ env.DOCKER_USERNAME }}
public-password: ${{ env.DOCKER_PASSWORD }}
push-to-prime: false
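Review bot: The `Build and push image` step references `rancher/ecm-distro-tools/actions/publish-image@master`, a mutable branch ref, and passes it the Docker Hub credentials as `public-username` and `public-password`. Any later commit to that branch would run in this release job with those secrets and with push rights to the `rancher` repository, without a change appearing in this repo. Pinning to a full commit SHA, e.g. `uses: rancher/ecm-distro-tools/actions/publish-image@<full-commit-sha>  # <release tag>`, keeps the executed code reviewable. The same applies to `rancher-eio/read-vault-secrets@main`, which loads the credentials in the first place (that step may predate this commit).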
6 changes: 2 additions & 4 deletions Dockerfile
@@ -1,6 +1,5 @@
ARG BCI_IMAGE=registry.suse.com/bci/bci-busybox
ARG GO_IMAGE=rancher/hardened-build-base:v1.22.7b1
ARG ARCH="amd64"

# Image that provides cross compilation tooling.
FROM --platform=$BUILDPLATFORM rancher/mirrored-tonistiigi-xx:1.3.0 as xx

Check warning on line 5 in Dockerfile

GitHub Actions / build-arm64

The 'as' keyword should match the case of the 'from' keyword

FromAsCasing: 'as' and 'FROM' keywords' casing do not match More info: https://docs.docker.com/go/dockerfile/rule/from-as-casing/
@@ -19,21 +18,20 @@ RUN set -x && \
FROM --platform=$BUILDPLATFORM base-builder as coredns-builder

Check warning on line 18 in Dockerfile

GitHub Actions / build-arm64

The 'as' keyword should match the case of the 'from' keyword

FromAsCasing: 'as' and 'FROM' keywords' casing do not match More info: https://docs.docker.com/go/dockerfile/rule/from-as-casing/
ARG SRC=github.com/coredns/coredns
ARG PKG=github.com/coredns/coredns
ARG ARCH
ARG TAG=v1.11.3
RUN git clone --depth=1 https://${SRC}.git $GOPATH/src/${PKG}
WORKDIR $GOPATH/src/${PKG}
RUN git fetch --all --tags --prune
RUN git checkout tags/${TAG} -b ${TAG}
RUN go mod download
# cross-compilation setup
ARG TARGETPLATFORM
ARG TARGETPLATFORM TARGETARCH
RUN xx-go --wrap && \
GO_LDFLAGS="-linkmode=external -X ${PKG}/coremain.GitCommit=$(git rev-parse --short HEAD)" \
go-build-static.sh -gcflags=-trimpath=${GOPATH}/src -o bin/coredns .
RUN go-assert-static.sh bin/*
RUN xx-verify --static bin/*
RUN if [ "${ARCH}" != "s390x" || "${ARCH}" != "arm64" ]; then \
RUN if [ "${TARGETARCH}" = "amd64" ] || [ "${TARGETARCH}" = "arm64" ]; then \
go-assert-boring.sh bin/*; \
fi

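Review bot: The rewritten guard in front of `go-assert-boring.sh bin/*` is an allow-list, so a build for any `TARGETARCH` other than `amd64` or `arm64`, or one where `TARGETARCH` is empty, skips that assertion (presumably the BoringCrypto check) without leaving anything in the build log. For an image published as hardened, a skipped check then looks the same as a passed one. Add an explicit branch such as `else echo "go-assert-boring.sh skipped for TARGETARCH=${TARGETARCH}" >&2; \`, or fail the build there if no other architecture is meant to ship. The new condition also runs the assertion on arm64, which the removed `ARCH` test appears to have meant to exclude, so it is worth confirming that is deliberate.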
49 changes: 31 additions & 18 deletions Makefile
@@ -1,17 +1,17 @@
SEVERITIES = HIGH,CRITICAL

UNAME_M = $(shell uname -m)
ARCH=
ifeq ($(UNAME_M), x86_64)
ARCH=amd64
else ifeq ($(UNAME_M), aarch64)
ARCH=arm64
else
ARCH=$(UNAME_M)
ifndef TARGET_PLATFORMS
ifeq ($(UNAME_M), x86_64)
TARGET_PLATFORMS:=linux/amd64
else ifeq ($(UNAME_M), aarch64)
TARGET_PLATFORMS:=linux/arm64
else
TARGET_PLATFORMS:=linux/$(UNAME_M)
endif
endif

BUILD_META=-build$(shell date +%Y%m%d)
ORG ?= rancher
PKG ?= github.com/coredns/coredns
SRC ?= github.com/coredns/coredns
TAG ?= ${GITHUB_ACTION_TAG}
@@ -25,29 +25,42 @@ ifeq (,$(filter %$(BUILD_META),$(TAG)))
$(error TAG $(TAG) needs to end with build metadata: $(BUILD_META))
endif

REPO ?= rancher
IMAGE = $(REPO)/hardened-coredns:$(TAG)
BUILD_OPTS = \
--platform=$(TARGET_PLATFORMS) \
--build-arg PKG=$(PKG) \
--build-arg SRC=$(SRC) \
--build-arg TAG=$(TAG:$(BUILD_META)=) \
--target coredns \
--tag "$(IMAGE)"

.PHONY: image-build
image-build:
docker buildx build \
--platform=$(ARCH) \
--build-arg PKG=$(PKG) \
--build-arg SRC=$(SRC) \
--build-arg TAG=$(TAG:$(BUILD_META)=) \
--build-arg ARCH=$(ARCH) \
--target coredns \
--tag $(ORG)/hardened-coredns:$(TAG) \
--tag $(ORG)/hardened-coredns:$(TAG)-$(ARCH) \
$(BUILD_OPTS) \
--load \
.

.PHONY: push-image
push-image:
docker buildx build \
$(BUILD_OPTS) \
--sbom=true \
--attest type=provenance,mode=max \
--push \
.

PHONY: log
log:
@echo "ARCH=$(ARCH)"
@echo "TAG=$(TAG:$(BUILD_META)=)"
@echo "ORG=$(ORG)"
@echo "REPO=$(REPO)"
@echo "IMAGE=$(IMAGE)"
@echo "PKG=$(PKG)"
@echo "SRC=$(SRC)"
@echo "BUILD_META=$(BUILD_META)"
@echo "UNAME_M=$(UNAME_M)"
@echo "TARGET_PLATFORMS=$(TARGET_PLATFORMS)"

.PHONY: image-scan
image-scan:
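Review bot: In `BUILD_OPTS` only `--tag "$(IMAGE)"` is quoted; `--platform=$(TARGET_PLATFORMS)` and the three `--build-arg` values are pasted unquoted into the shell command of both `image-build` and `push-image`, and `TAG` defaults to the `GITHUB_ACTION_TAG` environment variable. A value containing whitespace or shell metacharacters would be split or interpreted by the shell, and the `$(error ...)` guard above constrains only the suffix of `TAG`. Quote them the same way as the tag, e.g. `--build-arg "TAG=$(TAG:$(BUILD_META)=)"`, and consider rejecting at parse time any `TAG` that does not match the expected version pattern, since that is stronger than quoting alone. Separately, `PHONY: log` lacks the leading dot, so it defines an ordinary target named `PHONY` and `log` is never declared phony (that line may predate this commit).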
