Skip to content

Commit

Permalink
Merge pull request #9 from gdisdevops/master
Browse files Browse the repository at this point in the history 
Feature/arm64 (#1)
  • Loading branch information
@DaspawnW
DaspawnW authored Feb 5, 2024
2 parents b2cc021 + 7cd546e commit cb03c80
Show file tree
Hide file tree
Showing 6 changed files with 154 additions and 65 deletions.
69 changes: 47 additions & 22 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,21 +8,26 @@ jobs:
name: Release
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Install Go
uses: actions/setup-go@v1
uses: actions/setup-go@v5
with:
go-version: 1.19.x
- name: Checkout code
uses: actions/checkout@v2
go-version-file: './go.mod'

- name: Get tag version
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}

- name: Build Asset (linux)
- name: Build Asset (linux amd64)
run: CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-X 'main.Version=${{ steps.get_version.outputs.VERSION }}'" -o bin/k8s-node-label-linux-amd64 ./cmd/k8s-node-label/...
- name: Build Asset (darwin)
- name: Build Asset (linux arm64)
run: CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-X 'main.Version=${{ steps.get_version.outputs.VERSION }}'" -o bin/k8s-node-label-linux-arm64 ./cmd/k8s-node-label/...
- name: Build Asset (darwin amd64)
run: CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags="-X 'main.Version=${{ steps.get_version.outputs.VERSION }}'" -o bin/k8s-node-label-darwin-amd64 ./cmd/k8s-node-label/...
- name: Build Asset (darwin arm64)
run: CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -ldflags="-X 'main.Version=${{ steps.get_version.outputs.VERSION }}'" -o bin/k8s-node-label-darwin-arm64 ./cmd/k8s-node-label/...

- name: Create Release
id: create_release
Expand All @@ -38,7 +43,7 @@ jobs:
Build also available as docker image:
`daspawnw/k8s-node-label:${{ steps.get_version.outputs.VERSION }}`
- name: Upload Release Asset (linux)
- name: Upload Release Asset (linux amd64)
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -47,7 +52,7 @@ jobs:
asset_path: bin/k8s-node-label-linux-amd64
asset_name: k8s-node-label-linux-amd64
asset_content_type: application/x-executable
- name: Upload Release Asset (darwin)
- name: Upload Release Asset (darwin amd64)
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -56,6 +61,24 @@ jobs:
asset_path: bin/k8s-node-label-darwin-amd64
asset_name: k8s-node-label-darwin-amd64
asset_content_type: application/x-mach-binary
- name: Upload Release Asset (linux arm64)
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: bin/k8s-node-label-linux-arm64
asset_name: k8s-node-label-linux-arm64
asset_content_type: application/x-executable
- name: Upload Release Asset (darwin arm64)
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: bin/k8s-node-label-darwin-arm64
asset_name: k8s-node-label-darwin-arm64
asset_content_type: application/x-mach-binary

docker:
name: Docker Build
Expand All @@ -66,13 +89,16 @@ jobs:
needs: release

steps:
- uses: actions/checkout@v1
- uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v3

- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
Expand All @@ -83,8 +109,9 @@ jobs:

- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
uses: docker/build-push-action@v5
with:
platforms: linux/amd64,linux/arm64
push: true
tags: daspawnw/k8s-node-label:${{ steps.get_version.outputs.VERSION }}

Expand All @@ -108,7 +135,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

# # Install the cosign tool except on PR
# # https://github.com/sigstore/cosign-installer
Expand All @@ -118,20 +145,18 @@ jobs:
# with:
# cosign-release: 'v1.11.0'

# - name: Set up QEMU
# uses: docker/setup-qemu-action@v2
# with:
# platforms: 'arm64,arm'
- name: Set up QEMU
uses: docker/setup-qemu-action@v3

# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3

# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
Expand All @@ -149,13 +174,13 @@ jobs:
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: ${{ format('RELEASE_VERSION={0}', github.ref_name) }}
Expand All @@ -172,7 +197,7 @@ jobs:
severity: 'MEDIUM,CRITICAL,HIGH'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'
Expand Down
116 changes: 89 additions & 27 deletions .github/workflows/test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,61 +4,123 @@ jobs:
test:
strategy:
matrix:
go-version: [1.19.x]
platform: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.platform }}
steps:

- name: Checkout code
uses: actions/checkout@v4

- name: Install Go
uses: actions/setup-go@v1
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
- name: Checkout code
uses: actions/checkout@v2
go-version-file: './go.mod'
- name: Test
run: go test ./...

sonarqube:
trivy-scan-fs:
name: Trivy - scan fs
runs-on: ubuntu-latest
steps:
- name: Install Go
uses: actions/setup-go@v1
with:
go-version: 1.19.x
- name: Checkout code
uses: actions/checkout@v2
- name: Calculate coverage
run: go test -coverprofile=coverage.out ./...
- name: SonarCloud Scan
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }}
- name: Checkout code
uses: actions/checkout@v4

- name: Run Trivy vulnerability scanner in fs mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
severity: 'MEDIUM,CRITICAL,HIGH' #report all severities
exit-code: '1'
format: 'table'

docker:
name: Docker Build

runs-on: ubuntu-latest

if: github.ref == 'refs/heads/master'
needs: test
if: github.ref == 'refs/heads/master' && github.repository == 'daspawnw/k8s-node-label'
needs:
- test
- trivy-scan-fs

steps:
- uses: actions/checkout@v1
- uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v3

- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
uses: docker/build-push-action@v5
with:
push: true
tags: daspawnw/k8s-node-label:latest

docker-forks:
name: Docker Build (forks)
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
if: github.ref != 'daspawnw/k8s-node-label'
needs:
- test
- trivy-scan-fs

steps:
- uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: ${{ format('RELEASE_VERSION={0}', github.ref_name) }}

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
if: ${{ github.event_name != 'pull_request' }}
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
format: 'table'
ignore-unfixed: true
exit-code: 1
severity: 'MEDIUM,CRITICAL,HIGH'
8 changes: 5 additions & 3 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,18 @@
FROM golang:1.18-alpine as builder
FROM --platform=$BUILDPLATFORM golang:1.19-alpine as builder

ARG TARGETOS
ARG TARGETARCH
ARG RELEASE_VERSION=development

# Install our build tools
RUN apk add --update git make bash ca-certificates

WORKDIR /go/src/github.com/daspawnw/k8s-node-label
COPY . ./
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-X 'main.Version=${RELEASE_VERSION}'" -o bin/k8s-node-label-linux-amd64 ./cmd/k8s-node-label/...
RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -ldflags="-X 'main.Version=${RELEASE_VERSION}'" -o bin/k8s-node-label ./cmd/k8s-node-label/...

FROM scratch
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /go/src/github.com/daspawnw/k8s-node-label/bin/k8s-node-label-linux-amd64 /k8s-node-label
COPY --from=builder /go/src/github.com/daspawnw/k8s-node-label/bin/k8s-node-label /k8s-node-label

ENTRYPOINT ["/k8s-node-label"]
2 changes: 1 addition & 1 deletion examples/deployment/manifest.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ spec:
spec:
serviceAccountName: k8s-node-label
containers:
- image: daspawnw/k8s-node-label:v0.4
- image: daspawnw/k8s-node-label:v0.6
name: k8s-node-label
env:
- name: AWS_REGION
Expand Down
8 changes: 4 additions & 4 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,11 @@ require (
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/net v0.5.0 // indirect
golang.org/x/net v0.20.0 // indirect
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
golang.org/x/sys v0.4.0 // indirect
golang.org/x/term v0.4.0 // indirect
golang.org/x/text v0.6.0 // indirect
golang.org/x/sys v0.16.0 // indirect
golang.org/x/term v0.16.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.27.1 // indirect
Expand Down
Loading

0 comments on commit cb03c80

Please sign in to comment.