From 3699c9f8947466f2a64b5bf1c402a5d7b477383a Mon Sep 17 00:00:00 2001
From: Keisuke Nitta
Date: Wed, 14 Feb 2024 20:13:12 +0900
Subject: [PATCH 1/6] feat: publish Docker image to Public ECR
---
 .github/workflows/release.yaml | 45 +++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 107eb45..6377638 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -3,7 +3,7 @@ name: Release
 on:
 push:
 tags:
- - 'v[0-9]+.[0-9]+.[0-9]+'
+ - "v[0-9]+.[0-9]+.[0-9]+"
 jobs:
 goreleaser:
 runs-on: ubuntu-latest
@@ -23,3 +23,46 @@ jobs:
 args: release --clean
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ build-and-push:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Setup QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Setup Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
+ role-session-name: "mackerel-sql-metric-collector:${{ github.run_id }}-${{ github.run_number }}"
+ aws-region: ap-northeast-1
+ - name: Login to Public ECR
+ uses: docker/login-action@v3
+ with:
+ registry: public.ecr.aws
+ env:
+ AWS_REGION: us-east-1
+
+ - name: Get version from tag
+ id: get-version
+ run: echo "VERSION=${GITHUB_REF/regs\/tags\//}" >> "$GITHUB_OUTPUT"
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ push: true
+ context: .
+ file: Dockerfile
+ platforms: |
+ linux/amd64
+ linux/arm64
+ tags: |
+ public.ecr.aws/mackerel/mackerel-sql-metric-collector:latest
+ public.ecr.aws/mackerel/mackerel-sql-metric-collector:${{ steps.get-version.outputs.VERSION }}
From 8340d00ac4fe6b6a7a6346f396dcfcf9199a9e52 Mon Sep 17 00:00:00 2001
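Review bot: In the `build-and-push` job added by PATCH 1/6, every action is referenced by a mutable major tag (`actions/checkout@v4`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `aws-actions/configure-aws-credentials@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`) while the job holds `id-token: write` and assumes the AWS role used to push to the public repository. A retagged or compromised action would run with those credentials, so each one should be pinned to a full commit SHA with the tag kept as a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`; `docker/metadata-action@v5` added in PATCH 6/6 needs the same treatment. Separately, `${GITHUB_REF/regs\/tags\//}` in the `Get version from tag` step looks like a typo for `refs`: the substitution matches nothing, so `VERSION` would stay `refs/tags/vX.Y.Z`, which is not a valid image tag. Using `${GITHUB_REF_NAME}` would avoid the string surgery altogether (PATCH 6/6 later replaces this step).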
From: Keisuke Nitta
Date: Tue, 27 Feb 2024 11:37:55 +0900
Subject: [PATCH 2/6] fix: disable provenance generation
---
 .github/workflows/release.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 6377638..4b9387b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -58,6 +58,7 @@ jobs:
 uses: docker/build-push-action@v5
 with:
 push: true
+ provenance: false
 context: .
 file: Dockerfile
 platforms: |
From d0d6af5abd1c5df940092f51387399ef93ae9f19 Mon Sep 17 00:00:00 2001
From: Keisuke Nitta
Date: Tue, 27 Feb 2024 13:13:59 +0900
Subject: [PATCH 3/6] feat: cross compilation for Dockerfile
---
 Dockerfile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index caf9ee3..88b13bd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,11 @@
-FROM golang:1.21 AS build
+FROM --platform=$BUILDPLATFORM golang:1.21 AS build
+ARG TARGETOS
+ARG TARGETARCH
 WORKDIR /app
 COPY . /app
-RUN make NAME=mackerel-sql-metric-collector
+# To avoid downloading Go modules in the build of each platform, we share the module cache and lock during builds.
+RUN --mount=type=cache,sharing=locked,target=/go/pkg/mod/ \
+ GOOS=${TARGETOS} GOARCH=${TARGETARCH} make NAME=mackerel-sql-metric-collector
 FROM gcr.io/distroless/static-debian11:nonroot
 COPY --from=build --chown=nonroot:nonroot /app/bin/mackerel-sql-metric-collector /
From 96e3cfc2fdbb7f39deaf6703b374e92926b3e247 Mon Sep 17 00:00:00 2001
From: Keisuke Nitta
Date: Tue, 27 Feb 2024 14:24:12 +0900
Subject: [PATCH 4/6] feat: use git context
---
 .github/workflows/release.yaml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 4b9387b..32623b0 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
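Review bot: `provenance: false` in the `Build and push Docker image` step (PATCH 2/6) switches off the build attestation for a publicly distributed image, and neither the commit message nor the workflow records why. Consumers lose a signal that ties the pushed image back to this workflow run, so the reason and the condition for re-enabling it should sit next to the setting, for example `# provenance disabled: <reason> - re-enable once <condition>`. If the motivation is how the registry presents the extra attestation manifest (an assumption; the page does not say), that is worth stating explicitly so the setting is not kept longer than needed.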
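Review bot: The rewritten `FROM --platform=$BUILDPLATFORM golang:1.21 AS build` line (PATCH 3/6, Dockerfile) still resolves the builder through a floating tag, and the runtime stage `gcr.io/distroless/static-debian11:nonroot` in the context lines does the same. Two release builds can therefore pick up different toolchains or base layers without any change in this repository, which matters more now that the result is pushed to a public registry. Pinning both stages by digest makes the inputs reviewable, e.g. `FROM --platform=$BUILDPLATFORM golang:1.21@sha256:<digest> AS build`, with an update bot keeping the digests current.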
@@ -30,8 +30,6 @@ jobs:
 contents: read
 id-token: write
 steps:
- - name: Checkout
- uses: actions/checkout@v4
 - name: Setup QEMU
 uses: docker/setup-qemu-action@v3
 - name: Setup Buildx
@@ -59,7 +57,6 @@ jobs:
 with:
 push: true
 provenance: false
- context: .
 file: Dockerfile
 platforms: |
 linux/amd64
From f367926c6819ed4cec5d49b54ea22bcb2625e269 Mon Sep 17 00:00:00 2001
From: Keisuke Nitta
Date: Tue, 27 Feb 2024 15:56:17 +0900
Subject: [PATCH 5/6] fix: set GIT_REVISION on Docker build
---
 .github/workflows/release.yaml | 5 +++++
 Dockerfile | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 32623b0..d245ced 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -51,6 +51,9 @@ jobs:
 - name: Get version from tag
 id: get-version
 run: echo "VERSION=${GITHUB_REF/regs\/tags\//}" >> "$GITHUB_OUTPUT"
+ - name: Get short sha
+ id: short-sha
+ run: echo "GIT_SHORT_SHA=${GITHUB_SHA:0:7}" >> "$GITHUB_OUTPUT"
 - name: Build and push Docker image
 uses: docker/build-push-action@v5
@@ -61,6 +64,8 @@ jobs:
 platforms: |
 linux/amd64
 linux/arm64
+ build-args: |
+ GIT_REVISION=${{ steps.short-sha.outputs.GIT_SHORT_SHA }}
 tags: |
 public.ecr.aws/mackerel/mackerel-sql-metric-collector:latest
 public.ecr.aws/mackerel/mackerel-sql-metric-collector:${{ steps.get-version.outputs.VERSION }}
diff --git a/Dockerfile b/Dockerfile
index 88b13bd..291b5c3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,12 @@
 FROM --platform=$BUILDPLATFORM golang:1.21 AS build
+ARG GIT_REVISION
 ARG TARGETOS
 ARG TARGETARCH
 WORKDIR /app
 COPY . /app
 # To avoid downloading Go modules in the build of each platform, we share the module cache and lock during builds.
 RUN --mount=type=cache,sharing=locked,target=/go/pkg/mod/ \
- GOOS=${TARGETOS} GOARCH=${TARGETARCH} make NAME=mackerel-sql-metric-collector
+ GOOS=${TARGETOS} GOARCH=${TARGETARCH} make GIT_REVISION=${GIT_REVISION} NAME=mackerel-sql-metric-collector
 FROM gcr.io/distroless/static-debian11:nonroot
 COPY --from=build --chown=nonroot:nonroot /app/bin/mackerel-sql-metric-collector /
From 3a050b3721293594a385fc1ce692715c908a761f Mon Sep 17 00:00:00 2001
From: Keisuke Nitta
Date: Tue, 27 Feb 2024 16:20:07 +0900
Subject: [PATCH 6/6] feat: use docker/metadata-action
---
 .github/workflows/release.yaml | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index d245ced..87a40a6 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -48,9 +48,15 @@ jobs:
 env:
 AWS_REGION: us-east-1
- - name: Get version from tag
- id: get-version
- run: echo "VERSION=${GITHUB_REF/regs\/tags\//}" >> "$GITHUB_OUTPUT"
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ public.ecr.aws/mackerel/mackerel-sql-metric-collector
+ tags: |
+ type=semver,pattern={{raw}}
+
 - name: Get short sha
 id: short-sha
 run: echo "GIT_SHORT_SHA=${GITHUB_SHA:0:7}" >> "$GITHUB_OUTPUT"
@@ -66,6 +72,5 @@ jobs:
 linux/arm64
 build-args: |
 GIT_REVISION=${{ steps.short-sha.outputs.GIT_SHORT_SHA }}
- tags: |
- public.ecr.aws/mackerel/mackerel-sql-metric-collector:latest
- public.ecr.aws/mackerel/mackerel-sql-metric-collector:${{ steps.get-version.outputs.VERSION }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
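Review bot: `ARG GIT_REVISION` (PATCH 5/6, Dockerfile) has no default and is expanded unquoted in `make GIT_REVISION=${GIT_REVISION} ...`, so a build without `--build-arg` hands make an empty command-line assignment. Command-line variables take precedence over assignments inside a Makefile, so if the Makefile derives the revision itself (it is not on this page) that value would be silently blanked. Quoting the expansion and giving the argument a visible fallback keeps the value a single make argument and the embedded revision meaningful: `ARG GIT_REVISION=unknown` and `make GIT_REVISION="${GIT_REVISION}" NAME=mackerel-sql-metric-collector`.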
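Review bot: The explicit `:latest` tag removed in the second hunk of PATCH 6/6 has no visible replacement in the new `Docker meta` step; whether `latest` is still moved on each release now depends on docker/metadata-action's default `latest=auto` flavor for `type=semver`. Consumers of a public image are affected by when `latest` moves, so the intent should be stated in the workflow rather than left to an action default: either add a `flavor:` input with `latest=true` under `with:`, or a comment on `tags:` such as `# latest is added implicitly by flavor latest=auto for semver tags`.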