diff --git a/.github/template-sync.yml b/.github/template-sync.yml index 1cf1831..47f7997 100644 --- a/.github/template-sync.yml +++ b/.github/template-sync.yml @@ -1,11 +1,5 @@ --- additional: -- anchore-helm -- docker-fpm -- lacework-manifest -- kong-build-tools-base-images -- kong-internal-unstable-helm - files: - '!README.md' @@ -16,3 +10,9 @@ files: - '!.github/PULL_REQUEST_TEMPLATE.md' - '!**/CODEOWNERS' - '!.yamllint' +- '!Dockerfile' +- '!build.sh' +- '!test.sh' +- .github/workflows/release.yaml +- .releaserc +- Makefile diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..dc9a1f8 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,81 @@ +--- +name: Release + +on: # yamllint disable-line rule:truthy + pull_request: + push: + branches: + - main + +jobs: + release: + name: Create Release + runs-on: ubuntu-latest + outputs: + published: ${{ steps.release.outputs.published }} + release-git-tag: ${{ steps.release.outputs.release-git-tag }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Release + id: release + uses: ahmadnassri/action-semantic-release@v2.1.10 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + artifacts: + needs: release + name: Create Release Artifacts + strategy: + matrix: + architecture: [aarch64, x86_64] + ostype: [linux-gnu, linux-musl] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-qemu-action@v2 + - uses: docker/setup-buildx-action@v2 + - name: Set environment variables + run: | + echo "ARCHITECTURE=${{ matrix.architecture }}" >> $GITHUB_ENV + echo "OSTYPE=${{ matrix.ostype }}" >> $GITHUB_ENV + echo "REGISTRY=ghcr.io" + - name: Build, and Package + run: make build/package + - name: Log in to the Container registry + if: ${{ needs.release.outputs.published == 'true' }} + uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Docker meta + if: ${{ needs.release.outputs.published == 'true' }} + id: meta + uses: docker/metadata-action@v4 + with: + images: ghcr.io/kong/template-github-release + sep-tags: ' ' + flavor: | + suffix=-${{ matrix.architecture }}-${{ matrix.ostype }} + tags: | + type=sha + type=ref,event=branch + type=semver,value=${{ needs.release.outputs.release-git-tag }} + - name: Retag and Push + if: ${{ needs.release.outputs.published == 'true' }} + run: | + for tag in ${{ steps.meta.outputs.tags }}; do \ + docker tag ghcr.io/template-github-release:build-$ARCHITECTURE-$OSTYPE $tag && \ + docker push $tag; \ + done + - name: Archive the package + if: ${{ needs.release.outputs.published == 'true' }} + run: | + tar -C package -czvf ${{ matrix.architecture }}-${{ matrix.ostype }}.tar.gz . + - name: Add Release Artifact to the Github Release + if: ${{ needs.release.outputs.published == 'true' }} + uses: softprops/action-gh-release@v1 + with: + tag_name: ${{ needs.release.outputs.release-git-tag }} + files: ${{ matrix.architecture }}-${{ matrix.ostype }}.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ba3bd78 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +package diff --git a/.releaserc b/.releaserc new file mode 100644 index 0000000..2372c57 --- /dev/null +++ b/.releaserc @@ -0,0 +1,45 @@ +{ + "branches": ["main"], + "tagFormat": "${version}", + "repositoryUrl": "https://github.com/kong/template-github-release.git", + "plugins": [ + [ + "@semantic-release/commit-analyzer", + { + "preset": "conventionalcommits", + "releaseRules": [ + { "breaking": true, "release": "major" }, + { "revert": true, "release": "patch" }, + { "type": "build", "release": "patch" }, + { "type": "docs", "release": "patch" }, + { "type": "feat", "release": "minor" }, + { "type": "fix", "release": "patch" }, + { "type": "perf", "release": "patch" }, + { "type": "refactor", "release": "patch" }, + { "type": "chore", "release": "patch" } + ] + } + ], + [ + "@semantic-release/release-notes-generator", + { + "preset": "conventionalcommits", + "presetConfig": { + "types": [ + { "type": "build", "section": "Build", "hidden": false }, + { "type": "chore", "section": "Chores", "hidden": false }, + { "type": "ci", "section": "CI/CD", "hidden": false }, + { "type": "docs", "section": "Docs", "hidden": false }, + { "type": "feat", "section": "Features", "hidden": false }, + { "type": "fix", "section": "Bug Fixes", "hidden": false }, + { "type": "perf", "section": "Performance", "hidden": false }, + { "type": "refactor", "section": "Refactor", "hidden": false }, + { "type": "style", "section": "Code Style", "hidden": false }, + { "type": "test", "section": "Tests", "hidden": false } + ] + } + } + ], + "@semantic-release/github" + ] +} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..f84308e --- /dev/null +++ b/Dockerfile @@ -0,0 +1,23 @@ +ARG OSTYPE=linux-gnu +ARG ARCHITECTURE=x86_64 +ARG DOCKER_REGISTRY=ghcr.io +ARG DOCKER_IMAGE_NAME + +# List out all image permutations to trick dependabot +FROM --platform=linux/amd64 kong/kong-build-tools:apk-1.8.1 as x86_64-linux-musl +FROM --platform=linux/amd64 kong/kong-build-tools:rpm-1.8.1 as x86_64-linux-gnu +FROM --platform=linux/arm64 kong/kong-build-tools:apk-1.8.1 as aarch64-linux-musl +FROM --platform=linux/arm64 kong/kong-build-tools:rpm-1.8.1 as aarch64-linux-gnu + + +# Run the build script +FROM $ARCHITECTURE-$OSTYPE as build + +COPY . /src +RUN /src/build.sh && /src/test.sh + + +# Copy the build result to scratch so we can export the result +FROM scratch as package + +COPY --from=build /tmp/build / diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..159617d --- /dev/null +++ b/Makefile @@ -0,0 +1,30 @@ +ARCHITECTURE ?= x86_64 +OSTYPE ?= linux-gnu +DOCKER_TARGET ?= build +DOCKER_REGISTRY ?= ghcr.io +DOCKER_IMAGE_NAME ?= template-github-release +DOCKER_IMAGE_TAG ?= $(DOCKER_TARGET)-$(ARCHITECTURE)-$(OSTYPE) +DOCKER_NAME ?= $(DOCKER_REGISTRY)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) +DOCKER_RESULT ?= --load + +clean: + rm -rf package + docker rmi $(DOCKER_NAME) + +docker: + docker buildx build \ + --build-arg DOCKER_REGISTRY=$(DOCKER_REGISTRY) \ + --build-arg DOCKER_IMAGE_NAME=$(DOCKER_IMAGE_NAME) \ + --build-arg DOCKER_IMAGE_TAG=$(DOCKER_IMAGE_TAG) \ + --build-arg ARCHITECTURE=$(ARCHITECTURE) \ + --build-arg OSTYPE=$(OSTYPE) \ + --target=$(DOCKER_TARGET) \ + -t $(DOCKER_NAME) \ + $(DOCKER_RESULT) . + +build/docker: + docker inspect --format='{{.Config.Image}}' $(DOCKER_NAME) || \ + $(MAKE) DOCKER_TARGET=build docker + +build/package: build/docker + $(MAKE) DOCKER_TARGET=package DOCKER_RESULT="-o package" docker diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..8de0308 --- /dev/null +++ b/build.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -euo pipefail +IFS=$'\n\t' + +if [ -n "${DEBUG:-}" ]; then + set -x +fi + +function main() { + rm -rf /tmp/build/* && uname -a >> /tmp/build/out +} + +main diff --git a/test.sh b/test.sh new file mode 100755 index 0000000..3babf61 --- /dev/null +++ b/test.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -euo pipefail +IFS=$'\n\t' + +if [ -n "${DEBUG:-}" ]; then + set -x +fi + +function test() { + ls -lah /tmp/build/out +} + +test