diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 613cb8b9..5787c30e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,6 +9,10 @@ on: pull_request: workflow_call: +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + jobs: ci: uses: smallstep/workflows/.github/workflows/goCI.yml@main diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 49ee4b99..19aaf741 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
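Review bot: In the ci.yml hunk, `cancel-in-progress: true` applies to every trigger, not only pull requests. When there is no PR number the group falls back to `github.ref`, so if this workflow also runs on branch pushes (the full `on:` block is outside the hunk), a newer push cancels the run for the previous commit and that commit is never fully checked. Limiting cancellation to PR runs keeps the saving without losing branch coverage: `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`. This file is also invoked through `workflow_call` from release.yml, so it is worth confirming that the group name evaluated in that context cannot collide with a concurrency group in the caller.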
@@ -8,36 +8,35 @@ on: jobs: ci: - uses: smallstep/step-issuer/.github/workflows/ci.yml@main + uses: smallstep/step-issuer/.github/workflows/ci.yml@master create_release: name: Create Release needs: ci runs-on: ubuntu-latest + env: + DOCKER_IMAGE: smallstep/step-issuer outputs: - version: ${{ steps.extract-tag.outputs.VERSION }} - vversion: ${{ steps.extract-tag.outputs.VVERSION }} - is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }} + docker_tags: ${{ env.DOCKER_TAGS }} steps: - - - name: Extract Tag Names - id: extract-tag - run: | - VVERSION=${GITHUB_REF#refs/tags/} - VERSION=${GITHUB_REF#refs/tags/v} - echo "::set-output name=VVERSION::${VVERSION}" - echo "::set-output name=VERSION::${VERSION}" - - - name: Is Pre-release + - name: Is Pre-release id: is_prerelease run: | set +e echo ${{ github.ref }} | grep "\-rc.*" OUT=$? if [ $OUT -eq 0 ]; then IS_PRERELEASE=true; else IS_PRERELEASE=false; fi - echo "::set-output name=IS_PRERELEASE::${IS_PRERELEASE}" - - - name: Create Release + echo "IS_PRERELEASE=${IS_PRERELEASE}" >> ${GITHUB_OUTPUT} + - name: Extract Tag Names + id: extract-tag + run: | + VERSION=${GITHUB_REF#refs/tags/v} + echo "DOCKER_TAGS=${{ env.DOCKER_IMAGE }}:${VERSION}" >> ${GITHUB_ENV} + - name: Add Latest Tag + if: steps.is_prerelease.outputs.IS_PRERELEASE == 'false' + run: | + echo "DOCKER_TAGS=${{ env.DOCKER_TAGS }},${{ env.DOCKER_IMAGE }}:latest" >> ${GITHUB_ENV} + - name: Create Release id: create_release uses: actions/create-release@v1 env: 
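Review bot: The new `Add Latest Tag` step expands `${{ env.DOCKER_TAGS }}` into the script text, and that value was built from the pushed tag name in `Extract Tag Names`, so the tag string is parsed by the shell as code rather than handled as data. Both values are already in the step's environment, so read them as shell variables and quote the target file: `echo "DOCKER_TAGS=${DOCKER_TAGS},${DOCKER_IMAGE}:latest" >> "${GITHUB_ENV}"`, and likewise `echo "DOCKER_TAGS=${DOCKER_IMAGE}:${VERSION}" >> "${GITHUB_ENV}"` in `Extract Tag Names`. The unchanged `echo ${{ github.ref }} | grep` line in `Is Pre-release` follows the same pattern and could use `"${GITHUB_REF}"` instead. Only accounts that can push tags reach this path, but a format check on `VERSION` before it is written to `GITHUB_ENV` would also keep malformed tags out of the `docker_tags` output consumed by the build job.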
@@ -50,21 +49,15 @@ jobs: build_upload_docker: name: Build & Upload Docker Images - runs-on: ubuntu-latest - needs: ci - steps: - - - name: Checkout - uses: actions/checkout@v2 - - - name: Setup Go - uses: actions/setup-go@v2 - with: - go-version: '1.19' - - - name: Build - id: build - run: make artifacts - env: - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + needs: create_release + permissions: + id-token: write + contents: write + uses: smallstep/workflows/.github/workflows/docker-buildx-push.yml@main + with: + platforms: linux/amd64,linux/arm64 + tags: ${{ needs.create_release.outputs.docker_tags }} + docker_image: smallstep/step-issuer + docker_file: Dockerfile + secrets: inherit + diff --git a/Dockerfile b/Dockerfile index bb9194fa..f262a246 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,16 @@ # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:latest -ARG BINPATH="docker/bin/manager" +FROM golang:alpine AS builder + +RUN mkdir /src +WORKDIR /src +COPY . . + +RUN apk add --no-cache make git curl && \ + make CGO_ENABLED=0 V=1 bin/manager + +FROM alpine + WORKDIR / -COPY $BINPATH . +COPY --from=builder /src/bin/manager . ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile index b0c25b58..5e678181 100644 --- a/Makefile +++ b/Makefile 
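Review bot: In release.yml, `build_upload_docker` now passes every repository secret (`secrets: inherit`) together with `id-token: write` and `contents: write` to a reusable workflow referenced by the mutable branch `@main`. Whatever is on that branch of smallstep/workflows at tag time therefore runs with the release credentials. Pin the reference to a full commit SHA, e.g. `uses: smallstep/workflows/.github/workflows/docker-buildx-push.yml@<full-commit-sha>`, and replace `secrets: inherit` with an explicit `secrets:` mapping of only the names the called workflow declares. Whether the callee needs `contents: write` is not visible from this hunk; if it only builds and pushes images, `contents: read` would be the narrower grant.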
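Review bot: In the Dockerfile hunk, the final stage `FROM alpine` sets no `USER`, so `/manager` still runs as root, now in an image that also ships a shell and a package manager. Both `FROM golang:alpine` and `FROM alpine` are floating tags, so a given release tag no longer maps to a fixed base image. Because the binary is built with `CGO_ENABLED=0`, the runtime stage could remain `FROM gcr.io/distroless/static:nonroot` with `USER 65532:65532`, assuming nothing at runtime needs a shell, and the builder could be pinned by version or digest. The header comment still describes distroless and should be updated to match whichever base is chosen. `COPY . .` also sends the whole build context into the builder stage, so check that a `.dockerignore` (not visible here) excludes `.git` and any local credentials.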
@@ -173,75 +173,3 @@ ifneq ($(BINNAME),"") endif .PHONY: clean - -################################################# -# Docker -################################################# - -DOCKER_OUTPUT=$(OUTPUT_ROOT)docker/ -DOCKER_MAKE=V=$V GOOS_OVERRIDE='GOOS=linux GOARCH=amd64' PREFIX=$(1) make $(1)bin/$(2) -DOCKER_BUILD=$Q docker build -t $(IMG) -f $(2) --build-arg BINPATH=$(DOCKER_OUTPUT)bin/$(1) . - -docker: docker-make Dockerfile - $(call DOCKER_BUILD,manager,Dockerfile) - -docker-make: - $Q mkdir -p $(DOCKER_OUTPUT) - $(call DOCKER_MAKE,$(DOCKER_OUTPUT),manager) - -.PHONY: docker docker-make - -# Make sure to run a local registry -# docker run -d -p 5000:5000 --restart=always --name registry registry:2 -docker-dev: docker - $Q docker tag ${IMG} localhost:5000/${IMG} - $Q docker push localhost:5000/${IMG} - -.PHONY: docker-dev - -################################################# -# Releasing Docker Images -################################################# - -DOCKER_TAG=docker tag smallstep/$(1):latest smallstep/$(1):$(2) -DOCKER_PUSH=docker push smallstep/$(1):$(2) - -docker-tag: - $(call DOCKER_TAG,step-issuer,$(VERSION)) - -docker-push-tag: docker-tag - $(call DOCKER_PUSH,step-issuer,$(VERSION)) - -docker-push-tag-latest: - $(call DOCKER_PUSH,step-issuer,latest) - -# Rely on DOCKER_USERNAME and DOCKER_PASSWORD being set inside the CI or -# equivalent environment -docker-login: - $Q docker login -u="$(DOCKER_USERNAME)" -p="$(DOCKER_PASSWORD)" - -.PHONY: docker-login docker-tag docker-push-tag docker-push-tag-latest - -################################################# -# Targets for pushing the docker images -################################################# - -# For all builds we build the docker container -docker-master: docker - -# For all builds with a release candidate tag -docker-release-candidate: docker-master docker-login docker-push-tag - -# For all builds with a release tag -docker-release: docker-release-candidate docker-push-tag-latest - -.PHONY: 
docker-master docker-release-candidate docker-release - -################################################# -# Targets for creating step artifacts -################################################# - -# This command is called by travis directly *after* a successful build -artifacts: docker-$(PUSHTYPE) - -.PHONY: artifacts