diff --git a/.gitignore b/.gitignore index 4630e77b..906af162 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,5 @@ scratch/ build/ vault-helm/ + +dist/ diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 00000000..5499eaeb --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,266 @@ +# This is an example .goreleaser.yml file with some sensible defaults. +# Make sure to check the documentation at https://goreleaser.com + +# The lines below are called `modelines`. See `:help modeline` +# Feel free to remove those if you don't want/need to use them. +# yaml-language-server: $schema=https://goreleaser.com/static/schema.json +# vim: set ts=2 sw=2 tw=0 fo=cnqoj + +version: 2 + +before: + hooks: + # You may remove this if you don't use go modules. + - go mod tidy + # you may remove this if you don't need go generate + - go generate ./... + +builds: + - env: + - CGO_ENABLED=0 + goos: + - linux + - darwin + +dockers: + - id: alpine-amd64 + use: buildx + goos: linux + goarch: amd64 + skip_push: false + ids: + - builds-linux + build_flag_templates: + - "--pull" + - "--build-arg=BIN_NAME={{.ProjectName}}" + - "--build-arg=REVISION={{.FullCommit}}" + - "--build-arg=VERSION={{.Version}}" + - "--platform=linux/amd64" + - "--label=org.opencontainers.image.title={{ .ProjectName }}" + - "--label=org.opencontainers.image.vendor=OpenBao" + - "--label=org.opencontainers.image.description=OpenBao K8s {{ .Version }}" + - "--label=org.opencontainers.image.url=https://github.com/openbao/openbao-k8s" + - "--label=org.opencontainers.image.documentation=https://github.com/openbao/openbao-k8s/blob/main/README.md" + - "--label=org.opencontainers.image.source=https://github.com/openbao/openbao-k8s" + - "--label=org.opencontainers.image.licenses=MPL-2.0" + - "--label=org.opencontainers.image.version={{ .Version }}" + - "--label=org.opencontainers.image.revision={{ .FullCommit }}" + - '--label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}' + - "--label=release={{ .Version }}" + - "--label=revision={{ .FullCommit }}" + - "--label=version={{ .Version }}" + - "--target=default" + image_templates: + - "ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64" + - "quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64" + - "docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64" + extra_files: + - ./LICENSE + - ./.release/docker/docker-entrypoint.sh + - ./CHANGELOG.md + - id: alpine-arm + use: buildx + goos: linux + goarch: arm + goarm: "6" + skip_push: false + ids: + - builds-linux + build_flag_templates: + - "--pull" + - "--build-arg=BIN_NAME={{ .ProjectName }}" + - "--build-arg=REVISION={{ .FullCommit }}" + - "--build-arg=VERSION={{ .Version }}" + - "--platform=linux/arm" + - "--label=org.opencontainers.image.title={{ .ProjectName }}" + - "--label=org.opencontainers.image.vendor=OpenBao" + - "--label=org.opencontainers.image.description=OpenBao K8s {{ .Version }}" + - "--label=org.opencontainers.image.url=https://github.com/openbao/openbao-k8s" + - "--label=org.opencontainers.image.documentation=https://github.com/openbao/openbao-k8s/blob/main/README.md" + - "--label=org.opencontainers.image.source=https://github.com/openbao/openbao-k8s" + - "--label=org.opencontainers.image.licenses=MPL-2.0" + - "--label=org.opencontainers.image.version={{ .Version }}" + - "--label=org.opencontainers.image.revision={{ .FullCommit }}" + - '--label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}' + - "--label=release={{ .Version }}" + - "--label=revision={{ .FullCommit }}" + - "--label=version={{ .Version }}" + - "--target=default" + image_templates: + - "ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm" + - "quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm" + - "docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm" + extra_files: + - ./LICENSE + - ./.release/docker/docker-entrypoint.sh + - ./CHANGELOG.md + - id: alpine-arm64 + use: buildx + goos: linux + goarch: arm64 + goarm: "8" + skip_push: false + ids: + - builds-linux + build_flag_templates: + - "--pull" + - "--build-arg=BIN_NAME={{ .ProjectName }}" + - "--build-arg=REVISION={{ .FullCommit }}" + - "--build-arg=VERSION={{ .Version }}" + - "--platform=linux/arm64" + - "--label=org.opencontainers.image.title={{ .ProjectName }}" + - "--label=org.opencontainers.image.vendor=OpenBao" + - "--label=org.opencontainers.image.description=OpenBao K8s {{ .Version }}" + - "--label=org.opencontainers.image.url=https://github.com/openbao/openbao-k8s" + - "--label=org.opencontainers.image.documentation=https://github.com/openbao/openbao-k8s/blob/main/README.md" + - "--label=org.opencontainers.image.source=https://github.com/openbao/openbao-k8s" + - "--label=org.opencontainers.image.licenses=MPL-2.0" + - "--label=org.opencontainers.image.version={{ .Version }}" + - "--label=org.opencontainers.image.revision={{ .FullCommit }}" + - '--label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}' + - "--label=release={{ .Version }}" + - "--label=revision={{ .FullCommit }}" + - "--label=version={{ .Version }}" + - "--target=default" + image_templates: + - "ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64" + - "quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64" + - "docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64" + extra_files: + - ./LICENSE + - ./.release/docker/docker-entrypoint.sh + - ./CHANGELOG.md + +docker_manifests: + - name_template: ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }} + skip_push: false + image_templates: + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + - name_template: ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Major }}.{{ .Minor }} + skip_push: false + image_templates: + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + - name_template: ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Major }} + skip_push: false + image_templates: + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + - name_template: ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:latest + skip_push: false + image_templates: + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - ghcr.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + - name_template: docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }} + skip_push: false + image_templates: + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + - name_template: docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Major }}.{{ .Minor }} + skip_push: false + image_templates: + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + - name_template: docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Major }} + skip_push: false + image_templates: + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + - name_template: docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:latest + skip_push: false + image_templates: + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - docker.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + - name_template: quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }} + skip_push: false + image_templates: + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + - name_template: quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Major }}.{{ .Minor }} + skip_push: false + image_templates: + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + - name_template: quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Major }} + skip_push: false + image_templates: + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + - name_template: quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:latest + skip_push: false + image_templates: + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-amd64 + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm + - quay.io/{{ .Env.GITHUB_REPOSITORY_OWNER }}/openbao-k8s:{{ .Version }}-arm64 + +archives: + - format: tar.gz + # this name template makes the OS and Arch compatible with the results of `uname`. + name_template: >- + {{ .ProjectName }}_ + {{- title .Os }}_ + {{- if eq .Arch "amd64" }}x86_64 + {{- else if eq .Arch "386" }}i386 + {{- else }}{{ .Arch }}{{ end }} + {{- if .Arm }}v{{ .Arm }}{{ end }} + +changelog: + sort: asc + filters: + exclude: + - "^docs:" + - "^test:" + +signs: + - id: cosign + artifacts: all + cmd: cosign + certificate: "${artifact}.pem" + args: + - "sign-blob" + - "--oidc-issuer=https://token.actions.githubusercontent.com" + - "--output-certificate=${certificate}" + - "--output-signature=${signature}" + - "${artifact}" + - "--yes" # needed on cosign 2.0.0+ + - id: gpg + artifacts: all + signature: "${artifact}.gpgsig" + cmd: gpg + stdin: "{{ .Env.GPG_PASSWORD }}" + args: + - "--batch" + - "--default-key={{ .Env.GPG_FINGERPRINT }}" + - "--output=${signature}" + - "--detach-sign" + - "${artifact}" + +docker_signs: + - artifacts: all + args: + - "sign" + - "--oidc-issuer=https://token.actions.githubusercontent.com" + - "${artifact}@${digest}" + - "--yes" # needed on cosign 2.0.0+ + +release: + github: + owner: openbao + name: openbao-k8s + draft: true #${{ .Env.GITHUB_RELEASE_DRAFT }} + replace_existing_draft: false + prerelease: ${{ .Env.GITHUB_PRERELEASE }} + make_latest: ${{ .Env.GITHUB_RELEASE_MAKE_LATEST }} + disable: false diff --git a/Makefile b/Makefile index a28c1146..94229f15 100644 --- a/Makefile +++ b/Makefile @@ -1,9 +1,8 @@ -REGISTRY_NAME ?= docker.io/hashicorp +REGISTRY_NAME ?= docker.io/openbao IMAGE_NAME = openbao-k8s VERSION ?= 0.0.0-dev -OPENBAO_VERSION ?= 1.16.1 +OPENBAO_VERSION ?= v2.0.0-beta20240618 IMAGE_TAG ?= $(REGISTRY_NAME)/$(IMAGE_NAME):$(VERSION) -PUBLISH_LOCATION ?= https://releases.hashicorp.com DOCKER_DIR = ./build/docker BUILD_DIR = dist GOOS ?= linux @@ -15,8 +14,7 @@ PKG = github.com/openbao/openbao-k8s/version LDFLAGS ?= "-X '$(PKG).Version=v$(VERSION)'" TESTARGS ?= '-test.v' -OPENBAO_HELM_CHART_VERSION ?= 0.27.0 -# TODO: add support for testing against enterprise +OPENBAO_HELM_CHART_VERSION ?= 0.4.0 TEST_WITHOUT_OPENBAO_TLS ?= ifndef TEST_WITHOUT_OPENBAO_TLS @@ -31,7 +29,7 @@ ifdef TEST_WITHOUT_OPENBAO_TLS HELM_VALUES_FILE = test/openbao/dev-no-tls.values.yaml endif -OPENBAO_HELM_DEFAULT_ARGS ?= --repo https://helm.releases.hashicorp.com --version=$(OPENBAO_HELM_CHART_VERSION) \ +OPENBAO_HELM_DEFAULT_ARGS ?= --repo https://openbao.github.io/openbao-helm --version=$(OPENBAO_HELM_CHART_VERSION) \ --wait --timeout=5m \ --values=$(HELM_VALUES_FILE) \ --set server.image.tag=$(OPENBAO_VERSION) \