From 2fa21a912d8e6c7c7129bf4f5880c9f652ebca60 Mon Sep 17 00:00:00 2001 From: Colin Hutchinson Date: Fri, 2 Dec 2022 12:43:58 +0000 Subject: [PATCH 1/5] chore(setup): adjust the template sync --- .github/template-sync.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/template-sync.yml b/.github/template-sync.yml index 1cf1831..1c985a5 100644 --- a/.github/template-sync.yml +++ b/.github/template-sync.yml @@ -1,11 +1,5 @@ --- additional: -- anchore-helm -- docker-fpm -- lacework-manifest -- kong-build-tools-base-images -- kong-internal-unstable-helm - files: - '!README.md' From 8bdb6183eb9deb789f01cc9ce15c6db3ed63daff Mon Sep 17 00:00:00 2001 From: Colin Hutchinson Date: Fri, 2 Dec 2022 12:44:47 +0000 Subject: [PATCH 2/5] feat(build): setup build, test, and package --- .gitignore | 1 + Dockerfile | 27 +++++++++++++++++++++++++++ Makefile | 30 ++++++++++++++++++++++++++++++ build | 14 ++++++++++++++ build.sh | 14 ++++++++++++++ test.sh | 14 ++++++++++++++ 6 files changed, 100 insertions(+) create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 Makefile create mode 100755 build create mode 100755 build.sh create mode 100755 test.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ba3bd78 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +package diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..d7ddda0 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,27 @@ +ARG OSTYPE=linux-gnu +ARG ARCHITECTURE=x86_64 +ARG DOCKER_REGISTRY=ghcr.io +ARG DOCKER_IMAGE_NAME + +# List out all image permutations to trick dependabot +FROM --platform=linux/amd64 kong/kong-build-tools:apk-1.8.1 as x86_64-linux-musl +FROM --platform=linux/amd64 kong/kong-build-tools:rpm-1.8.1 as x86_64-linux-gnu +FROM --platform=linux/arm64 kong/kong-build-tools:apk-1.8.1 as aarch64-linux-musl +FROM --platform=linux/arm64 kong/kong-build-tools:rpm-1.8.1 as aarch64-linux-gnu + + +# Run the build script +FROM $ARCHITECTURE-$OSTYPE as build + +COPY . /src +RUN /src/build.sh && /src/test.sh + + +# COPY --from doesn't support args so use an intermediary image +FROM $DOCKER_REGISTRY/$DOCKER_IMAGE_NAME:build-$ARCHITECTURE-$OSTYPE as build-result + + +# Copy the build result to scratch so we can export the result +FROM scratch as package + +COPY --from=build-result /tmp/build / diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a9429bd --- /dev/null +++ b/Makefile @@ -0,0 +1,30 @@ +ARCHITECTURE ?= x86_64 +OSTYPE ?= linux-gnu +DOCKER_TARGET ?= build +DOCKER_REGISTRY ?= ghcr.io +DOCKER_IMAGE_NAME ?= template-github-release +DOCKER_IMAGE_TAG ?= $(DOCKER_TARGET)-$(ARCHITECTURE)-$(OSTYPE) +DOCKER_NAME ?= $(DOCKER_REGISTRY)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) +DOCKER_RESULT ?= --load + +clean: + rm -rf *.tar.gz + docker rmi $(DOCKER_NAME) + +docker: + docker buildx build \ + --build-arg DOCKER_REGISTRY=$(DOCKER_REGISTRY) \ + --build-arg DOCKER_IMAGE_NAME=$(DOCKER_IMAGE_NAME) \ + --build-arg DOCKER_IMAGE_TAG=$(DOCKER_IMAGE_TAG) \ + --build-arg ARCHITECTURE=$(ARCHITECTURE) \ + --build-arg OSTYPE=$(OSTYPE) \ + --target=$(DOCKER_TARGET) \ + -t $(DOCKER_NAME) \ + $(DOCKER_RESULT) . + +build/docker: + docker inspect --format='{{.Config.Image}}' $(DOCKER_NAME) || \ + $(MAKE) DOCKER_TARGET=build docker + +build/package: build/docker + $(MAKE) DOCKER_TARGET=package DOCKER_RESULT="-o package" docker diff --git a/build b/build new file mode 100755 index 0000000..8de0308 --- /dev/null +++ b/build @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -euo pipefail +IFS=$'\n\t' + +if [ -n "${DEBUG:-}" ]; then + set -x +fi + +function main() { + rm -rf /tmp/build/* && uname -a >> /tmp/build/out +} + +main diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..8de0308 --- /dev/null +++ b/build.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -euo pipefail +IFS=$'\n\t' + +if [ -n "${DEBUG:-}" ]; then + set -x +fi + +function main() { + rm -rf /tmp/build/* && uname -a >> /tmp/build/out +} + +main diff --git a/test.sh b/test.sh new file mode 100755 index 0000000..3babf61 --- /dev/null +++ b/test.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -euo pipefail +IFS=$'\n\t' + +if [ -n "${DEBUG:-}" ]; then + set -x +fi + +function test() { + ls -lah /tmp/build/out +} + +test From b70361170cf91ec0b60edc454db6c8370884c7a6 Mon Sep 17 00:00:00 2001 From: Colin Hutchinson Date: Fri, 2 Dec 2022 12:53:06 +0000 Subject: [PATCH 3/5] chore(ci): setup continuous delivery workflow --- .github/workflows/release.yaml | 82 ++++++++++++++++++++++++++++++++++ .releaserc | 45 +++++++++++++++++++ Dockerfile | 6 +-- Makefile | 2 +- 4 files changed, 129 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/release.yaml create mode 100644 .releaserc diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..c5d34b0 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,82 @@ +--- +name: Release + +on: # yamllint disable-line rule:truthy + pull_request: + push: + branches: + - main + - feat/github-releases + +jobs: + release: + name: Create Release + runs-on: ubuntu-latest + outputs: + published: ${{ steps.release.outputs.published }} + release-git-tag: ${{ steps.release.outputs.release-git-tag }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Release + id: release + uses: ahmadnassri/action-semantic-release@v2.1.10 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + artifacts: + needs: release + name: Create Release Artifacts + strategy: + matrix: + architecture: [aarch64, x86_64] + ostype: [linux-gnu, linux-musl] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-qemu-action@v2 + - uses: docker/setup-buildx-action@v2 + - name: Set environment variables + run: | + echo "ARCHITECTURE=${{ matrix.architecture }}" >> $GITHUB_ENV + echo "OSTYPE=${{ matrix.ostype }}" >> $GITHUB_ENV + echo "REGISTRY=ghcr.io" + - name: Build, and Package + run: make build/package + - name: Log in to the Container registry + if: ${{ needs.release.outputs.published == 'true' }} + uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Docker meta + if: ${{ needs.release.outputs.published == 'true' }} + id: meta + uses: docker/metadata-action@v4 + with: + images: ghcr.io/kong/template-github-release + sep-tags: ' ' + flavor: | + suffix=-${{ matrix.architecture }}-${{ matrix.ostype }} + tags: | + type=sha + type=ref,event=branch + type=semver,value=${{ needs.release.outputs.release-git-tag }} + - name: Retag and Push + if: ${{ needs.release.outputs.published == 'true' }} + run: | + for tag in ${{ steps.meta.outputs.tags }}; do \ + docker tag ghcr.io/template-github-release:build-$ARCHITECTURE-$OSTYPE $tag && \ + docker push $tag; \ + done + - name: Archive the package + if: ${{ needs.release.outputs.published == 'true' }} + run: | + tar -C package -czvf ${{ matrix.architecture }}-${{ matrix.ostype }}.tar.gz . + - name: Add Release Artifact to the Github Release + if: ${{ needs.release.outputs.published == 'true' }} + uses: softprops/action-gh-release@v1 + with: + tag_name: ${{ needs.release.outputs.release-git-tag }} + files: ${{ matrix.architecture }}-${{ matrix.ostype }}.tar.gz diff --git a/.releaserc b/.releaserc new file mode 100644 index 0000000..2372c57 --- /dev/null +++ b/.releaserc @@ -0,0 +1,45 @@ +{ + "branches": ["main"], + "tagFormat": "${version}", + "repositoryUrl": "https://github.com/kong/template-github-release.git", + "plugins": [ + [ + "@semantic-release/commit-analyzer", + { + "preset": "conventionalcommits", + "releaseRules": [ + { "breaking": true, "release": "major" }, + { "revert": true, "release": "patch" }, + { "type": "build", "release": "patch" }, + { "type": "docs", "release": "patch" }, + { "type": "feat", "release": "minor" }, + { "type": "fix", "release": "patch" }, + { "type": "perf", "release": "patch" }, + { "type": "refactor", "release": "patch" }, + { "type": "chore", "release": "patch" } + ] + } + ], + [ + "@semantic-release/release-notes-generator", + { + "preset": "conventionalcommits", + "presetConfig": { + "types": [ + { "type": "build", "section": "Build", "hidden": false }, + { "type": "chore", "section": "Chores", "hidden": false }, + { "type": "ci", "section": "CI/CD", "hidden": false }, + { "type": "docs", "section": "Docs", "hidden": false }, + { "type": "feat", "section": "Features", "hidden": false }, + { "type": "fix", "section": "Bug Fixes", "hidden": false }, + { "type": "perf", "section": "Performance", "hidden": false }, + { "type": "refactor", "section": "Refactor", "hidden": false }, + { "type": "style", "section": "Code Style", "hidden": false }, + { "type": "test", "section": "Tests", "hidden": false } + ] + } + } + ], + "@semantic-release/github" + ] +} diff --git a/Dockerfile b/Dockerfile index d7ddda0..f84308e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,11 +17,7 @@ COPY . /src RUN /src/build.sh && /src/test.sh -# COPY --from doesn't support args so use an intermediary image -FROM $DOCKER_REGISTRY/$DOCKER_IMAGE_NAME:build-$ARCHITECTURE-$OSTYPE as build-result - - # Copy the build result to scratch so we can export the result FROM scratch as package -COPY --from=build-result /tmp/build / +COPY --from=build /tmp/build / diff --git a/Makefile b/Makefile index a9429bd..159617d 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ DOCKER_NAME ?= $(DOCKER_REGISTRY)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) DOCKER_RESULT ?= --load clean: - rm -rf *.tar.gz + rm -rf package docker rmi $(DOCKER_NAME) docker: From 29595c3d699445b7519a4b5165d1519736f67d8d Mon Sep 17 00:00:00 2001 From: Colin Hutchinson Date: Fri, 2 Dec 2022 15:12:09 +0000 Subject: [PATCH 4/5] chore(sync): don't sync some of these files to avoid overwriting downstream changes --- .github/template-sync.yml | 6 ++++++ build | 14 -------------- 2 files changed, 6 insertions(+), 14 deletions(-) delete mode 100755 build diff --git a/.github/template-sync.yml b/.github/template-sync.yml index 1c985a5..47f7997 100644 --- a/.github/template-sync.yml +++ b/.github/template-sync.yml @@ -10,3 +10,9 @@ files: - '!.github/PULL_REQUEST_TEMPLATE.md' - '!**/CODEOWNERS' - '!.yamllint' +- '!Dockerfile' +- '!build.sh' +- '!test.sh' +- .github/workflows/release.yaml +- .releaserc +- Makefile diff --git a/build b/build deleted file mode 100755 index 8de0308..0000000 --- a/build +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail -IFS=$'\n\t' - -if [ -n "${DEBUG:-}" ]; then - set -x -fi - -function main() { - rm -rf /tmp/build/* && uname -a >> /tmp/build/out -} - -main From 9ed092d69696d832e04aeb683970aa61e716422a Mon Sep 17 00:00:00 2001 From: Colin Hutchinson Date: Fri, 2 Dec 2022 15:13:56 +0000 Subject: [PATCH 5/5] fix(ci): remove my branch from the CI trigger --- .github/workflows/release.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c5d34b0..dc9a1f8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -6,7 +6,6 @@ on: # yamllint disable-line rule:truthy push: branches: - main - - feat/github-releases jobs: release: