diff --git a/.github/updatecli/dependencies.yaml b/.github/updatecli/dependencies.yaml new file mode 100644 index 0000000..5fe7ca2 --- /dev/null +++ b/.github/updatecli/dependencies.yaml @@ -0,0 +1,35 @@ +sources: + awscli: + kind: dockerimage + spec: + image: amazon/aws-cli + architecture: linux/amd64 + versionFilter: + kind: semver + kubectl: + kind: dockerimage + spec: + image: alpine/k8s + architecture: linux/amd64 + versionFilter: + kind: semver +conditions: {} +targets: + update-awscli-tag: + name: "Update the value of ARG AWSCLI_VERSION in the Dockerfile" + sourceid: awscli + kind: dockerfile + spec: + file: Dockerfile + instruction: + keyword: "ARG" + matcher: "AWSCLI_VERSION" + update-kubectl-tag: + name: "Update the value of ARG KUBECTL_VERSION in the Dockerfile" + sourceid: kubectl + kind: dockerfile + spec: + file: Dockerfile + instruction: + keyword: "ARG" + matcher: "KUBECTL_VERSION" diff --git a/.github/workflows/check-changes.yaml b/.github/workflows/check-changes.yaml new file mode 100644 index 0000000..e3535af --- /dev/null +++ b/.github/workflows/check-changes.yaml 
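Review bot: Both `versionFilter` entries under `sources` are `kind: semver` with no `pattern`, so updatecli will propose the highest semver tag it can find; for `alpine/k8s` that means kubectl can jump several minor releases in one automated PR (the Dockerfile in this same commit pins `1.23.16`) with no regard for the kubectl/cluster version-skew window. Consider constraining the kubectl source with a `pattern` (for example `pattern: "~1.30"`, illustrative value only) and stating the policy above it: `# kubectl: only patch-level bumps are automated; minor/major bumps are reviewed by hand`. The two `targets` also rely on the Dockerfile keeping exactly one `ARG NAME=value` per line for `matcher` to hit the right instruction; a one-line comment on each target saying so would stop a later Dockerfile edit from silently breaking the update.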
@@ -0,0 +1,123 @@ +name: Check ecr-token new release + +on: + workflow_dispatch: + schedule: + - cron: '0 0 * * *' + +jobs: + check-and-release: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Get current tag + id: current_release + run: | + # awscli_tag + awscli_current_tag=$(grep "ARG AWSCLI_VERSION" Dockerfile | cut -d '=' -f 2) + echo "awscli_current_tag=$awscli_current_tag" >> $GITHUB_OUTPUT + + # kubectl_tag + kubectl_current_tag=$(grep "ARG KUBECTL_VERSION" Dockerfile | cut -d '=' -f 2) + echo "kubectl_current_tag=$kubectl_current_tag" >> $GITHUB_OUTPUT + + - name: Install updatecli + uses: updatecli/updatecli-action@v2 + + - name: Update dependencies + env: + GITHUB_TOKEN: ${{ secrets.PAT_GITHUB }} + run: | + updatecli apply --config .github/updatecli/dependencies.yaml --commit=false + + - name: Get latest tag + id: latest_release + run: | + # awscli_tag + awscli_latest_tag=$(grep "ARG AWSCLI_VERSION" Dockerfile | cut -d '=' -f 2) + echo "awscli_latest_tag=$awscli_latest_tag" >> $GITHUB_OUTPUT + + # kubectl_tag + kubectl_latest_tag=$(grep "ARG KUBECTL_VERSION" Dockerfile | cut -d '=' -f 2) + echo "kubectl_latest_tag=$kubectl_latest_tag" >> $GITHUB_OUTPUT + + # complete tag + echo "complete_tag=aws$awscli_latest_tag-kubectl$kubectl_latest_tag" >> $GITHUB_OUTPUT + + - name: Check if exists changes + id: check_changes + env: + awscli_current_release: ${{ steps.current_release.outputs.awscli_current_release }} + awscli_latest_release: ${{ steps.latest_release.outputs.awscli_latest_release }} + kubectl_current_release: ${{ steps.current_release.outputs.kubectl_current_release }} + kubectl_latest_release: ${{ steps.latest_release.outputs.kubectl_latest_release }} + run: | + # awscli + if [ "$awscli_current_release" != "$awscli_latest_release" ]; then + 
body+="AWS CLI version:\n" + body+=" - :information_source: Current: \`$awscli_current_release\`\n" + body+=" - :up: Upgrade: \`$awscli_latest_release\`\n" + body+=" - Changelog: https://github.com/aws/aws-cli/releases/tag/$awscli_latest_release\n\n" + + echo "release_changed=true" >> $GITHUB_OUTPUT + fi + + # kubectl + if [ "$kubectl_current_release" != "$kubectl_latest_release" ]; then + body+="Kubectl version:\n" + body+=" - :information_source: Current: \`$kubectl_current_release\`\n" + body+=" - :up: Upgrade: \`$kubectl_latest_release\`\n" + body+=" - Changelog: https://github.com/kubernetes/kubectl/releases/tag/v$kubectl_latest_release\n\n" + + echo "release_changed=true" >> $GITHUB_OUTPUT + fi + + echo -e "$body" > pr-output.log + + - name: "Build and push Docker image" + uses: docker/build-push-action@v6 + if: steps.check_changes.outputs.release_changed == 'true' + with: + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + context: . + platforms: linux/amd64 + push: false + tags: ecr-token-$GITHUB_JOB + + - name: Show changes + if: steps.check_changes.outputs.release_changed == 'true' + run: | + # install dive + mkdir dive && cd dive + wget https://github.com/wagoodman/dive/releases/download/v${{ vars.DIVE_VERSION }}/dive_${{ vars.DIVE_VERSION }}_linux_amd64.tar.gz + tar xzvf dive_${{ vars.DIVE_VERSION }}_linux_amd64.tar.gz + cd .. 
+ + # dive + echo -e "\n## Dive output\n" >> pr-output.log + ./dive/dive -t ecr-token-${{ env.GITHUB_JOB }} >> pr-output.log + + - name: Create PR changes + if: steps.check_changes.outputs.release_changed == 'true' + uses: peter-evans/create-pull-request@v6 + with: + token: ${{ secrets.PAT_GITHUB }} + commit-message: "feat: new ecr-token version ${{ steps.latest_release.outputs.complete_tag }}" + signoff: false + branch: feat/upgrade-ecr-token-${{ steps.latest_release.outputs.complete_tag }} + delete-branch: true + title: '[ecr-token] new release: ${{ steps.latest_release.outputs.complete_tag }}' + body-path: pr-output.log + labels: | + auto-pr-bump-version diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2ab49ed..d73750e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
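Review bot: The `Check if exists changes` step reads `steps.current_release.outputs.awscli_current_release` (and the three sibling outputs), but the `Get current tag` and `Get latest tag` steps only ever write `awscli_current_tag`, `kubectl_current_tag`, `awscli_latest_tag` and `kubectl_latest_tag` to `$GITHUB_OUTPUT`, so all four `env` values are empty, the two `!=` comparisons never fire and `release_changed` is never set. The env block should read `awscli_current_release: ${{ steps.current_release.outputs.awscli_current_tag }}` and likewise for the other three. The build step sets `tags: ecr-token-$GITHUB_JOB`, but `with:` inputs are not shell-expanded and `push: false` without `load: true` leaves no image in the local daemon, so the later `./dive/dive -t ecr-token-${{ env.GITHUB_JOB }}` (which additionally reads a non-existent `env` key; the job id is `github.job`) cannot find what it inspects. The dive tarball is fetched with `wget` and extracted without any checksum check; pin the expected digest next to `DIVE_VERSION` and verify it with `sha256sum -c` before `tar xzvf`, since that binary's output is written verbatim into the PR body.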
@@ -1,67 +1,138 @@ +name: Create ECR Token release + env: - USER: devopsiaci - REPO: ecr-token + DOCKERHUB_USER: devopsiaci + DOCKERHUB_REPO: ecr-token + GHCR_REGISTRY: ghcr.io + GHCR_REPO: ${{ github.repository }} on: + workflow_dispatch: push: branches: - main + paths: + - Dockerfile jobs: release: name: Create tag release runs-on: ubuntu-latest - strategy: - matrix: - kubectl_version: - - 1.19.16 - - 1.20.15 - - 1.21.13 - - 1.22.13 - - 1.22.15 - - 1.23.10 - - 1.23.12 - - 1.23.13 - - 1.23.14 - - 1.23.15 - - 1.23.16 - - 1.24.10 - - 1.24.4 - - 1.24.6 - - 1.24.7 - - 1.24.8 - - 1.24.9 - - 1.25.0 - - 1.25.2 - - 1.25.3 - - 1.25.4 - - 1.25.5 - - 1.25.6 - - 1.26.0 - - 1.26.1 + + permissions: + contents: write + packages: write + id-token: write + attestations: write + steps: - name: Checkout uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Read tags from Dockerfile + id: current_tag + run: | + # awscli_tag + awscli_current_tag=$(grep "ARG AWSCLI_VERSION" Dockerfile | cut -d '=' -f 2) + echo "awscli_current_tag=$awscli_current_tag" >> $GITHUB_OUTPUT + + # kubectl_tag + kubectl_current_tag=$(grep "ARG KUBECTL_VERSION" Dockerfile | cut -d '=' -f 2) + echo "kubectl_current_tag=$kubectl_current_tag" >> $GITHUB_OUTPUT - - name: Log in to Docker Hub + # complete tag + echo "complete_tag=aws$awscli_current_tag-kubectl$kubectl_current_tag" >> $GITHUB_OUTPUT + + - name: "Set Docker metadata" + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.DOCKERHUB_USER }}/${{ env.DOCKERHUB_REPO }} + ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }} + labels: | + org.opencontainers.image.maintainer=ialejandro + org.opencontainers.image.title=ECR Token + org.opencontainers.image.description=ECR Token to authenticate with AWS ECR + org.opencontainers.image.vendor=DevOps IA + tags: | + type=raw,value=${{ steps.current_tag.outputs.complete_tag }} + type=sha,enable=false + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + 
uses: docker/setup-buildx-action@v3 + + - name: Cache Docker layers + uses: actions/cache@v4 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: "[DOCKERHUB] Log in to Docker Hub" uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Build and push Docker image + - name: "[GHCR] Log in to the Container registry" + uses: docker/login-action@v3 + with: + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: "Build and push Docker image" + id: push uses: docker/build-push-action@v6 with: + build-args: OPENJDK_VERSION=${{ matrix.jdk_version }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max context: . - push: true + labels: ${{ steps.meta.outputs.labels }} platforms: linux/amd64 - build-args: | - KUBECTL_VERSION=${{ matrix.kubectl_version }} - tags: ${{ env.USER }}/${{ env.REPO }}:kubectl-${{ matrix.kubectl_version }},${{ env.USER }}/${{ env.REPO }}:${{ matrix.kubectl_version }} + push: true + sbom: true + tags: ${{ steps.meta.outputs.tags }} - - name: Update Docker registry description + - name: "Update README.md default version" + run: | + # replace default version + sed -i "s/\* aws-cli: .*/* aws-cli: \`${{ steps.current_tag.outputs.awscli_current_tag }}\`/" README.md + sed -i "s/\* kubectl: .*/* kubectl: \`${{ steps.current_tag.outputs.kubectl_current_tag }}\`/" README.md + + # push changes + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + git add README.md + git commit -m "chore: update README.md [skip ci]" || true + git push -f origin HEAD:main + + - name: "[DOCKERHUB] Update Docker registry description" uses: peter-evans/dockerhub-description@v4 with: username: ${{ 
secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - repository: ${{ env.USER }}/${{ env.REPO }} + repository: ${{ env.DOCKERHUB_USER }}/${{ env.DOCKERHUB_REPO }} + + - name: "[GHCR] Generate artifact" + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true + + - # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6571a11 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +pr-output.log +dive +dive/* diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1333ed7..2ad1e8c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
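Review bot: `build-args: OPENJDK_VERSION=${{ matrix.jdk_version }}` in the build step refers to a matrix this hunk removes (the `strategy.matrix.kubectl_version` block is deleted and no `jdk_version` is defined anywhere), and `OPENJDK_VERSION` is not an ARG in this Dockerfile; the expression expands to an empty value, so the line is dead copy-paste and should be dropped, with the Dockerfile's own `AWSCLI_VERSION`/`KUBECTL_VERSION` defaults driving the build. The README update step runs `git push -f origin HEAD:main`; with `contents: write` granted to the job, a force push from CI can discard commits that landed on `main` between checkout and push, and a plain `git push origin HEAD:main` suffices because the commit is built on a full-depth checkout of `main`. `org.opencontainers.image.maintainer` is not a key defined by the OCI image annotation spec (the defined key is `org.opencontainers.image.authors`), so tooling that reads standard labels will ignore it.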
@@ -1 +1,41 @@ -TODO +# How to contribute to ECR Token + +This document provides guidelines for contributing to the *Cruise Control* project. + +## How can I contribute? + +### Did you find a bug? + +* **Ensure the bug has not already been reported** by searching on GitHub under [Issues](https://github.com/devops-ia/ecr-token/issues). +* If you cannot find an open issue addressing the problem, [open a new one](https://github.com/devops-ia/ecr-token/issues/new). Include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the unexpected behavior. +* Use the relevant bug report templates to create the issue, if available. + +### Do you intend to add a new feature or change an existing one? + +* Please discuss first ([open an issue](https://github.com/devops-ia/ecr-token/issues)) before starting any significant pull request (e.g., implementing features, refactoring code) to avoid spending time on something that might not be merged. +* Adhere to the project's coding conventions (indentation, accurate comments, etc.) and any other requirements (such as test coverage, documentation). + +## Styleguides + +### YAML Styleguide + +All YAML files must adhere to the following style guide: + +* Indentation: Use 2 spaces for indentation. +* No trailing spaces. +* Use hyphens for list items. +* Use camelCase for key names. +* Ensure there are no syntax errors. + +Additional rules: + +* Always use double quotes for strings. +* Keep lines to a maximum of 80 characters. +* Ensure proper alignment of nested elements. + +### Git Commit Messages + +* Use the present tense ("Add feature" not "Added feature"). +* Use the imperative mood ("Move cursor to..." not "Moves cursor to..."). +* Limit the first line to 72 characters or less. +* Reference issues and pull requests liberally after the first line. diff --git a/Dockerfile b/Dockerfile index 49c0156..7c712a8 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -1,13 +1,12 @@ -ARG KUBECTL_VERSION=1.23.16 ARG AWSCLI_VERSION=2.10.3 +ARG KUBECTL_VERSION=1.23.16 FROM alpine/k8s:${KUBECTL_VERSION} as kubectl FROM amazon/aws-cli:${AWSCLI_VERSION} as awscli FROM debian:stable-slim AS main -LABEL maintainer="Iván Alejandro Marugán " -LABEL description="Create or update token for Amazon ECR (https://aws.amazon.com/en/ecr/)" -LABEL version="1.0" +LABEL maintainer="Iván Alejandro Marugán " \ + description="Create or update token for Amazon ECR (https://aws.amazon.com/en/ecr/)" COPY --from=kubectl /usr/bin/kubectl /usr/local/bin/ COPY --from=awscli /usr/local/aws-cli/ /usr/local/aws-cli/ diff --git a/LICENSE b/LICENSE index 479972a..32c75fe 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2023 DevOps Solutions +Copyright (c) 2024 DevOps Solutions Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 1ceec7a..4446c11 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,16 @@ You can reproduce this summary with [`dive`](https://github.com/wagoodman/dive): dive build -t . ``` -## Contributing +## Quick start -We're happy if you want open and issue or a new feature :) +[**Available images**](https://hub.docker.com/r/devopsiaci/ecr-token/tags) + +### Run container + +```command +docker run --name awscli2.10.3-kubectl1.30.3 +``` + +## Use case + +This image is used by [helm-ecr-token](https://github.com/devops-ia/helm-charts/tree/main/charts/ecr-registry)
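Review bot: The reordered `ARG AWSCLI_VERSION=2.10.3` / `ARG KUBECTL_VERSION=1.23.16` lines are now the single source of truth that the workflows parse with `grep "ARG <NAME>" Dockerfile | cut -d '=' -f 2` and that updatecli rewrites by matcher, but nothing in the file says so; a comment above them, `# One ARG per line, no inline comments: parsed by .github/workflows and .github/updatecli/dependencies.yaml`, would stop a later edit (a trailing comment, a second `=`) from silently producing a malformed image tag. The merged `LABEL` drops `version="1.0"`, which is consistent with the tag now being derived from the two ARGs. The `FROM alpine/k8s:${KUBECTL_VERSION}` and `FROM amazon/aws-cli:${AWSCLI_VERSION}` lines are unchanged context and still resolve mutable tags; with version bumps now automated, pinning those stages to a digest alongside the tag is the natural next hardening step.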