From ecf9c997b0a8501771db95b8be9b407971afb622 Mon Sep 17 00:00:00 2001
From: Bill Wang
Date: Mon, 14 Oct 2024 17:30:02 +1100
Subject: [PATCH 1/3] feature/github-action
---
.circleci/config.yml | 97 ---------------------------------
.github/FUNDING.yml | 2 +
.github/workflows/build.yml | 106 ++++++++++++++++++++++++++++++++++++
3 files changed, 108 insertions(+), 97 deletions(-)
delete mode 100644 .circleci/config.yml
create mode 100644 .github/FUNDING.yml
create mode 100644 .github/workflows/build.yml
diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index 4ded7e0..0000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,97 +0,0 @@ -version: 2.1 - -# Prerequisite -# Make sure you set secret enviroment variables in CICD -# DOCKER_USERNAME -# DOCKER_PASSWORD -# API_TOKEN - -# REBUILD - it has default value "false", if need rebuild the image, turn it on with value "true" - -parameters: - rebuild: - type: string - default: "false" - -jobs: - build: - docker: - - image: alpine/docker-with-buildx - environment: - REBUILD: << pipeline.parameters.rebuild >> - IMAGE: alpine/helm:latest - steps: - - checkout - - setup_remote_docker: - docker_layer_caching: true - - run: | - apk --no-cache --update add bash curl sudo - echo $REBUILD - bash ./build.sh - - scan: - docker: - - image: alpine/trivy - environment: - REBUILD: << pipeline.parameters.rebuild >> - IMAGE: alpine/helm:latest - steps: - - checkout - - run: | - trivy image -s "HIGH,CRITICAL" ${IMAGE} - -workflows: - build: - jobs: - - build: - name: build - context: - - Docker-Hub - filters: - branches: - only: - - master - - main - - scan: - requires: - - build - name: scan - context: - - Docker-Hub - filters: - branches: - only: - - master - - main - - nightly: - triggers: - - schedule: - cron: "0 3 * * 0" - filters: - branches: - only: - - master - - main - jobs: - - build: - name: build - context: - - Docker-Hub - filters: - branches: - only: - - master - - main - - - scan: - requires: - - build - name: scan - context: - - Docker-Hub - filters: - branches: - only: - - master - - main diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..c71896b --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,2 @@ +github: [ozbillwang] +custom: ["https://www.buymeacoffee.com/ozbillwang", "https://github.com/sponsors/ozbillwang"] diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..25e9e4d --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,106 @@
+name: Docker
+
+on:
+ push:
+ tags: ["*"]
+ branches:
+ - "main"
+ - "master"
+ schedule:
+ - cron: '0 5 * * 0'
+ pull_request:
+ branches: ["**"]
+
+env:
+ # Hostname of your registry
+ REGISTRY: docker.io
+ # Image repository, without hostname and tag
+ IMAGE_NAME: alpine/helm
+ SHA: ${{ github.event.pull_request.head.sha || github.event.after }}
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+
+ steps:
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@v3
+
+ # Step to fetch the latest curl version
+ - name: Get latest curl version
+ id: curl-version
+ run: |
+ export CURL_OPTIONS="-sL -H \"Authorization: token ${{ secrets.API_KEY }}\""
+
+ #curl -H "Cache-Control: no-cache" -sL "https://raw.githubusercontent.com/alpine-docker/multi-arch-docker-images/stable/functions.sh" -o functions.sh
+ curl -H "Cache-Control: no-cache" -sL "https://raw.githubusercontent.com/alpine-docker/multi-arch-docker-images/refs/heads/master/functions.sh" -o functions.sh
+ source functions.sh
+ HELM_VERSION=$(curl -s https://api.github.com/repos/helm/helm/releases | jq -r '.[].tag_name | select(test("alpha|beta|rc") | not) ' \
+ | sort -rV | head -n 1 |sed 's/v//')
+ echo "Latest helm version is $HELM_VERSION"
+ echo "HELM_VERSION=$HELM_VERSION" >> $GITHUB_ENV
+
+ # Authenticate to the container registry
+ - name: Authenticate to registry ${{ env.REGISTRY }}
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ labels: |
+ org.opencontainers.image.revision=${{ env.SHA }}
+ tags: |
+ type=edge,branch=$repo.default_branch
+ type=semver,pattern=v{{version}}
+ type=sha,prefix=,suffix=,format=short
+
+ # Build and push Docker image with Buildx
+ # (don't push on PR, load instead)
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@v6
+ with:
+ platforms: linux/amd64,linux/arm64
+ sbom: ${{ github.event_name != 'pull_request' }}
+ provenance: ${{ github.event_name != 'pull_request' }}
+ push: ${{ github.event_name != 'pull_request' }}
+ load: ${{ github.event_name == 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ build-args: |
+ VERSION=${{ env.HELM_VERSION }}
+
+ # - name: Checkout code
+ # uses: actions/checkout@v2
+
+ # - name: check the platform in multi-arch images
+ # run: |
+ # echo ${{ steps.meta.outputs.tags }}
+ # bash ./test.sh ${{ steps.meta.outputs.tags }}
+
+ - name: set tags
+ run: |
+ # install crane
+ curl -LO https://github.com/google/go-containerregistry/releases/download/v0.20.2/go-containerregistry_Linux_x86_64.tar.gz
+ tar zxvf go-containerregistry_Linux_x86_64.tar.gz
+ chmod +x crane
+
+ version=$(docker run --rm ${{ steps.meta.outputs.tags }} version)
+ version=$(echo ${version}| awk -F \" '{print $2}')
+
+ echo $version
+ ./crane auth login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }} index.docker.io
+ ./crane copy ${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:latest
+ ./crane copy ${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:${version}
+ rm -f /home/runner/.docker/config.json
From dc913e04af5ded246909b2166748d3d20d7172b9 Mon Sep 17 00:00:00 2001
From: Bill Wang
Date: Mon, 14 Oct 2024 17:31:23 +1100
Subject: [PATCH 2/3] feature/github-action
---
.github/workflows/build.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 25e9e4d..8f418ae 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
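Review bot: The `set tags` step at the end of the hunk is not gated on the event, so it logs in to Docker Hub and retags `:latest` on `pull_request` and `schedule` runs as well, while `push:` on the build step is already conditioned on the event not being a pull request; the same applies to the rewritten step in the PATCH 3/3 hunk at `@@ -95,11 +90,16 @@`. Add `if: github.event_name != 'pull_request'` to the login and `set tags` steps, and pass the token through `env:` and stdin instead of `-p` on the command line, e.g. `printf '%s' "$DOCKERHUB_TOKEN" | ./crane auth login -u "$DOCKERHUB_USERNAME" --password-stdin index.docker.io`. `steps.meta.outputs.tags` is a newline-separated list (a push to the default branch yields an `edge` and a sha tag with the `tags:` rules here), so `docker run --rm ${{ steps.meta.outputs.tags }} version` and both `crane copy` lines receive extra positional arguments; use a single tag such as `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}`. The crane tarball is downloaded without checksum verification and the actions are pinned by major tag only; verifying the archive against the release checksums and pinning action refs to commit SHAs would tighten the supply chain. `CURL_OPTIONS` exports `secrets.API_KEY` into the step but is never used there.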
@@ -37,8 +37,7 @@ jobs:
#curl -H "Cache-Control: no-cache" -sL "https://raw.githubusercontent.com/alpine-docker/multi-arch-docker-images/stable/functions.sh" -o functions.sh
curl -H "Cache-Control: no-cache" -sL "https://raw.githubusercontent.com/alpine-docker/multi-arch-docker-images/refs/heads/master/functions.sh" -o functions.sh
source functions.sh
- HELM_VERSION=$(curl -s https://api.github.com/repos/helm/helm/releases | jq -r '.[].tag_name | select(test("alpha|beta|rc") | not) ' \
- | sort -rV | head -n 1 |sed 's/v//')
+ HELM_VERSION=$(curl -s https://api.github.com/repos/helm/helm/releases | jq -r '.[].tag_name | select(test("alpha|beta|rc") | not) ' | sort -rV | head -n 1 |sed 's/v//')
echo "Latest helm version is $HELM_VERSION"
echo "HELM_VERSION=$HELM_VERSION" >> $GITHUB_ENV
From 2ca19e3f430466afbf797e6fd0aa83ec5daa3daf Mon Sep 17 00:00:00 2001
From: Bill Wang
Date: Mon, 14 Oct 2024 17:39:22 +1100
Subject: [PATCH 3/3] feature/github-action
---
.github/workflows/build.yml | 36 ++++++++++++++++++------------------
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8f418ae..8565c42 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,18 +28,13 @@ jobs:
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- # Step to fetch the latest curl version
- - name: Get latest curl version
+ # Step to fetch the latest version
+ - name: Get latest version
id: curl-version
run: |
- export CURL_OPTIONS="-sL -H \"Authorization: token ${{ secrets.API_KEY }}\""
-
- #curl -H "Cache-Control: no-cache" -sL "https://raw.githubusercontent.com/alpine-docker/multi-arch-docker-images/stable/functions.sh" -o functions.sh
- curl -H "Cache-Control: no-cache" -sL "https://raw.githubusercontent.com/alpine-docker/multi-arch-docker-images/refs/heads/master/functions.sh" -o functions.sh
- source functions.sh
- HELM_VERSION=$(curl -s https://api.github.com/repos/helm/helm/releases | jq -r '.[].tag_name | select(test("alpha|beta|rc") | not) ' | sort -rV | head -n 1 |sed 's/v//')
- echo "Latest helm version is $HELM_VERSION"
- echo "HELM_VERSION=$HELM_VERSION" >> $GITHUB_ENV
+ VERSION=$(curl -s https://api.github.com/repos/helm/helm/releases | jq -r '.[].tag_name | select(test("alpha|beta|rc") | not) ' | sort -rV | head -n 1 |sed 's/v//')
+ echo "Latest helm version is $VERSION"
+ echo "VERSION=$VERSION" >> $GITHUB_ENV
# Authenticate to the container registry
- name: Authenticate to registry ${{ env.REGISTRY }}
@@ -78,7 +73,7 @@ jobs:
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
- VERSION=${{ env.HELM_VERSION }}
+ VERSION=${{ env.VERSION }}
# - name: Checkout code
# uses: actions/checkout@v2
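Review bot: The new `VERSION=$(curl -s … | jq … | sed 's/v//')` line has no failure handling: `curl -s` without `-f` passes an HTTP error body through (unauthenticated calls to api.github.com are rate-limited per runner IP), jq then errors on it, and with the default `run` shell (`bash -e`, no `pipefail`) the assignment still succeeds with an empty string that is written to `$GITHUB_ENV` and becomes the `VERSION` build-arg in the second hunk. Use `curl -fsS` with the workflow token, `-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}"`, and fail fast after the assignment: `[ -n "$VERSION" ] || { echo "could not determine helm version" >&2; exit 1; }`. The step keeps `id: curl-version`, which no longer matches what the step does after this change; `id: helm-version` would read better. The enclosing `build` job continues outside both hunks.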
@@ -95,11 +90,16 @@ jobs:
tar zxvf go-containerregistry_Linux_x86_64.tar.gz
chmod +x crane
- version=$(docker run --rm ${{ steps.meta.outputs.tags }} version)
- version=$(echo ${version}| awk -F \" '{print $2}')
+ # simple test
+ docker_version=$(docker run --rm ${{ steps.meta.outputs.tags }} version)
+ docker_version=$(echo ${docker_version}| awk -F \" '{print $2}')
- echo $version
- ./crane auth login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }} index.docker.io
- ./crane copy ${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:latest
- ./crane copy ${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:${version}
- rm -f /home/runner/.docker/config.json
+ echo $docker_version
+ if [ "$docker_version" == "$VERSION" ]; then
+ ./crane auth login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }} index.docker.io
+ ./crane copy ${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:latest
+ ./crane copy ${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:${{ env.VERSION }}
+ rm -f /home/runner/.docker/config.json
+ else
+ echo "Versions are different. Skipping..."
+ fi
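Review bot: The added `if [ "$docker_version" == "$VERSION" ]` compares values in different formats: `VERSION` had its leading `v` removed by `sed 's/v//'` in the version step, whereas `helm version` normally prints `Version:"v3.x.y"` and the `awk -F \"` extraction keeps that `v`, so if the image reports it that way the retag branch never runs and `:latest` is never updated; normalize first with `docker_version=${docker_version#v}`. The `else` branch prints "Skipping..." and exits 0, so a mismatch leaves the job green; `exit 1` there makes the failed verification visible. An empty `VERSION` (the lookup step has no error handling) compares equal to an empty extraction and would run `crane copy … ${{ env.IMAGE_NAME }}:` with no tag, so also require both values to be non-empty before retagging. The `set tags` step begins before this hunk (the crane download lines are above it).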