diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index fccb838..0000000 --- a/.drone.yml +++ /dev/null @@ -1,157 +0,0 @@ ---- -kind: pipeline -name: harvester-vm-dhcp-controller - -platform: - os: linux - arch: amd64 - -steps: -- name: fetch - image: alpine/git - commands: - - git fetch --tags - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/main - - refs/tags/* - event: - - tag - -- name: build - image: rancher/dapper:v0.6.0 - commands: - - dapper ci - volumes: - - name: docker - path: /var/run/docker.sock - -- name: docker-publish-main - image: plugins/docker - settings: - build_args: - - VERSION=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:8}-head - dockerfile: package/Dockerfile - password: - from_secret: docker_password - repo: rancher/harvester-vm-dhcp-controller - tag: ${DRONE_BRANCH}-head - username: - from_secret: docker_username - when: - ref: - - refs/heads/main - - refs/heads/release/v* - event: - - push - -- name: docker-publish - image: plugins/docker - settings: - build_args: - - VERSION=${DRONE_TAG} - custom_dns: 1.1.1.1 - dockerfile: package/Dockerfile - password: - from_secret: docker_password - repo: rancher/harvester-vm-dhcp-controller - tag: ${DRONE_TAG} - username: - from_secret: docker_username - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/main - - refs/tags/* - event: - - tag - -- name: docker-publish-agent-main - image: plugins/docker - settings: - build_args: - - VERSION=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:8}-head - dockerfile: package/Dockerfile.agent - password: - from_secret: docker_password - repo: rancher/harvester-vm-dhcp-agent - tag: ${DRONE_BRANCH}-head - username: - from_secret: docker_username - when: - ref: - - refs/heads/main - - refs/heads/release/v* - event: - - push - -- name: docker-publish-agent - image: plugins/docker - settings: - build_args: - - VERSION=${DRONE_TAG} - custom_dns: 1.1.1.1 - dockerfile: package/Dockerfile.agent - password: - from_secret: docker_password - repo: rancher/harvester-vm-dhcp-agent - tag: ${DRONE_TAG} - username: - from_secret: docker_username - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/main - - refs/tags/* - event: - - tag - -- name: docker-publish-webhook-main - image: plugins/docker - settings: - build_args: - - VERSION=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:8}-head - dockerfile: package/Dockerfile.webhook - password: - from_secret: docker_password - repo: rancher/harvester-vm-dhcp-webhook - tag: ${DRONE_BRANCH}-head - username: - from_secret: docker_username - when: - ref: - - refs/heads/main - - refs/heads/release/v* - event: - - push - -- name: docker-publish-webhook - image: plugins/docker - settings: - build_args: - - VERSION=${DRONE_TAG} - custom_dns: 1.1.1.1 - dockerfile: package/Dockerfile.webhook - password: - from_secret: docker_password - repo: rancher/harvester-vm-dhcp-webhook - tag: ${DRONE_TAG} - username: - from_secret: docker_username - when: - instance: - - drone-publish.rancher.io - ref: - - refs/head/main - - refs/tags/* - event: - - tag - -volumes: -- name: docker - host: - path: /var/run/docker.sock diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..743ca29 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,14 @@ +name: Main Build and Publish + +on: + push: + branches: + - main + +jobs: + build-main: + uses: ./.github/workflows/template-build.yml + with: + release-tag-name: ${{ github.ref_name }}-head + push: true + secrets: inherit diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml new file mode 100644 index 0000000..7d60020 --- /dev/null +++ b/.github/workflows/pull-request.yml @@ -0,0 +1,12 @@ +name: Pull Request Build + +on: + pull_request: + +jobs: + build-pr: + uses: ./.github/workflows/template-build.yml + with: + release-tag-name: pull-${{ github.event.number }} + push: false + secrets: inherit diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index c215a03..34c36d6 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@master @@ -23,6 +23,6 @@ jobs: severity: 'CRITICAL' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml new file mode 100644 index 0000000..286a8e8 --- /dev/null +++ b/.github/workflows/tag.yml @@ -0,0 +1,14 @@ +name: Tag Build and Publish + +on: + push: + tags: + - v** + +jobs: + build-tag: + uses: ./.github/workflows/template-build.yml + with: + release-tag-name: ${{ github.ref_name }} + push: true + secrets: inherit diff --git a/.github/workflows/template-build.yml b/.github/workflows/template-build.yml new file mode 100644 index 0000000..7485761 --- /dev/null +++ b/.github/workflows/template-build.yml @@ -0,0 +1,79 @@ +on: + workflow_call: + inputs: + release-tag-name: + required: true + type: string + push: + required: true + type: boolean + +env: + repo: "rancher" + controllerImageName: "harvester-vm-dhcp-controller" + agentImageName: "harvester-vm-dhcp-agent" + webhookImageName: "harvester-vm-dhcp-webhook" + +jobs: + dapper-build: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Run dapper + run: make ci + + - name: Read some Secrets + uses: rancher-eio/read-vault-secrets@main + if: ${{ inputs.push == true }} + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD + + - name: Login to Docker Hub + uses: docker/login-action@v3 + if: ${{ inputs.push == true }} + with: + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} + + - name: Docker Build (Controller) + uses: docker/build-push-action@v5 + with: + provenance: false + context: . + platforms: linux/amd64,linux/arm64 + file: package/Dockerfile + push: ${{ inputs.push }} + tags: ${{ env.repo }}/${{ env.controllerImageName }}:${{ inputs.release-tag-name }} + + - name: Docker Build (Agent) + uses: docker/build-push-action@v5 + with: + provenance: false + context: . + platforms: linux/amd64,linux/arm64 + file: package/Dockerfile.agent + push: ${{ inputs.push }} + tags: ${{ env.repo }}/${{ env.agentImageName }}:${{ inputs.release-tag-name }} + + - name: Docker Build (Webhook) + uses: docker/build-push-action@v5 + with: + provenance: false + context: . + platforms: linux/amd64,linux/arm64 + file: package/Dockerfile.webhook + push: ${{ inputs.push }} + tags: ${{ env.repo }}/${{ env.webhookImageName }}:${{ inputs.release-tag-name }} diff --git a/Dockerfile.dapper b/Dockerfile.dapper index 2138163..4c54cac 100644 --- a/Dockerfile.dapper +++ b/Dockerfile.dapper @@ -5,9 +5,12 @@ ENV ARCH $DAPPER_HOST_ARCH RUN zypper -n install tar gzip bash git docker less file curl wget -RUN if [ "${ARCH}" = "amd64" ]; then \ - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.2; \ - fi +RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.57.1 + +# The docker version in dapper is too old to have buildx. Install it manually. +RUN curl -sSfL https://github.com/docker/buildx/releases/download/v0.13.1/buildx-v0.13.1.linux-${ARCH} -o buildx-v0.13.1.linux-${ARCH} && \ + chmod +x buildx-v0.13.1.linux-${ARCH} && \ + mv buildx-v0.13.1.linux-${ARCH} /usr/local/bin/buildx ## install controller-gen RUN go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 diff --git a/package/Dockerfile b/package/Dockerfile index 12d4a3e..245c5e2 100644 --- a/package/Dockerfile +++ b/package/Dockerfile @@ -1,8 +1,19 @@ +# syntax=docker/dockerfile:1.7.0 + FROM registry.suse.com/bci/bci-base:15.5 RUN zypper -n rm container-suseconnect && \ zypper -n in curl dhcp-tools jq -COPY bin/vm-dhcp-controller /usr/bin/vm-dhcp-controller +ARG TARGETPLATFORM + +RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \ + echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \ + exit 1; \ + fi + +ENV ARCH=${TARGETPLATFORM#linux/} + +COPY bin/vm-dhcp-controller-${ARCH} /usr/bin/vm-dhcp-controller ENTRYPOINT [ "vm-dhcp-controller" ] diff --git a/package/Dockerfile.agent b/package/Dockerfile.agent index d5257a8..5b7bbca 100644 --- a/package/Dockerfile.agent +++ b/package/Dockerfile.agent @@ -1,8 +1,19 @@ +# syntax=docker/dockerfile:1.7.0 + FROM registry.suse.com/bci/bci-base:15.5 RUN zypper -n rm container-suseconnect && \ zypper -n in curl dhcp-tools jq -COPY bin/vm-dhcp-agent /usr/bin/vm-dhcp-agent +ARG TARGETPLATFORM + +RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \ + echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \ + exit 1; \ + fi + +ENV ARCH=${TARGETPLATFORM#linux/} + +COPY bin/vm-dhcp-agent-${ARCH} /usr/bin/vm-dhcp-agent ENTRYPOINT [ "vm-dhcp-agent" ] diff --git a/package/Dockerfile.webhook b/package/Dockerfile.webhook index c9d6222..be7fed2 100644 --- a/package/Dockerfile.webhook +++ b/package/Dockerfile.webhook @@ -1,8 +1,19 @@ +# syntax=docker/dockerfile:1.7.0 + FROM registry.suse.com/bci/bci-base:15.5 RUN zypper -n rm container-suseconnect && \ zypper -n in curl -COPY bin/vm-dhcp-webhook /usr/bin/vm-dhcp-webhook +ARG TARGETPLATFORM + +RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \ + echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \ + exit 1; \ + fi + +ENV ARCH=${TARGETPLATFORM#linux/} + +COPY bin/vm-dhcp-webhook-${ARCH} /usr/bin/vm-dhcp-webhook ENTRYPOINT [ "vm-dhcp-webhook" ] diff --git a/scripts/build b/scripts/build index 8f1872f..59a7c4c 100755 --- a/scripts/build +++ b/scripts/build @@ -12,6 +12,8 @@ mkdir -p bin LINKFLAGS="-X main.AppVersion=$VERSION -X main.GitCommit=$COMMIT" -CGO_ENABLED=0 GOARCH="$ARCH" go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-controller ./cmd/controller -CGO_ENABLED=0 GOARCH="$ARCH" go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-agent ./cmd/agent -CGO_ENABLED=0 GOARCH="$ARCH" go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-webhook ./cmd/webhook +for arch in "amd64" "arm64"; do + GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-controller-"$arch" ./cmd/controller + GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-agent-"$arch" ./cmd/agent + GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "-s -w $LINKFLAGS" -o bin/vm-dhcp-webhook-"$arch" ./cmd/webhook +done diff --git a/scripts/default b/scripts/default index 747c00e..05fb0a6 100755 --- a/scripts/default +++ b/scripts/default @@ -5,5 +5,3 @@ cd $(dirname $0) ./build ./package -./package-agent -./package-webhook diff --git a/scripts/package b/scripts/package index 76016fa..dde74a2 100755 --- a/scripts/package +++ b/scripts/package @@ -1,30 +1,10 @@ #!/bin/bash set -e -source $(dirname $0)/version - -cd $(dirname $0)/.. +cd $(dirname $0) echo "Packaging..." -# Copy out artifacts -mkdir -p dist/artifacts -cp bin/vm-dhcp-controller dist/artifacts/vm-dhcp-controller${SUFFIX} - -# Build container images -IMAGE=${REPO}/vm-dhcp-controller:${TAG} -DOCKERFILE=package/Dockerfile - -docker build -f ${DOCKERFILE} -t ${IMAGE} . -echo Built ${IMAGE} - -# Image push (if specified) -IMAGE_PUSH=${REPO}/harvester-vm-dhcp-controller:${IMAGE_PUSH_TAG} -docker tag "${IMAGE}" "${IMAGE_PUSH}" -echo Tagged "${IMAGE_PUSH}" - -DOCKER_CONFIG=".docker" -if [[ -n ${PUSH} ]];then - docker --config=${DOCKER_CONFIG} push "${IMAGE_PUSH}" - echo Pushed "${IMAGE_PUSH}" -fi +./package-controller +./package-agent +./package-webhook diff --git a/scripts/package-agent b/scripts/package-agent index ff8e7ac..7815a44 100755 --- a/scripts/package-agent +++ b/scripts/package-agent @@ -7,15 +7,12 @@ cd $(dirname $0)/.. echo "Packaging agent..." -# Copy out artifacts -mkdir -p dist/artifacts -cp bin/vm-dhcp-agent dist/artifacts/vm-dhcp-agent${SUFFIX} - # Build container images IMAGE=${REPO}/vm-dhcp-agent:${TAG} DOCKERFILE=package/Dockerfile.agent -docker build -f ${DOCKERFILE} -t ${IMAGE} . +buildx build --load \ + -f ${DOCKERFILE} -t ${IMAGE} . echo Built ${IMAGE} # Image push (if specified) diff --git a/scripts/package-controller b/scripts/package-controller new file mode 100755 index 0000000..d4fb323 --- /dev/null +++ b/scripts/package-controller @@ -0,0 +1,27 @@ +#!/bin/bash +set -e + +source $(dirname $0)/version + +cd $(dirname $0)/.. + +echo "Packaging controller..." + +# Build container images +IMAGE=${REPO}/vm-dhcp-controller:${TAG} +DOCKERFILE=package/Dockerfile + +buildx build --load \ + -f ${DOCKERFILE} -t ${IMAGE} . +echo Built ${IMAGE} + +# Image push (if specified) +IMAGE_PUSH=${REPO}/harvester-vm-dhcp-controller:${IMAGE_PUSH_TAG} +docker tag "${IMAGE}" "${IMAGE_PUSH}" +echo Tagged "${IMAGE_PUSH}" + +DOCKER_CONFIG=".docker" +if [[ -n ${PUSH} ]];then + docker --config=${DOCKER_CONFIG} push "${IMAGE_PUSH}" + echo Pushed "${IMAGE_PUSH}" +fi diff --git a/scripts/package-webhook b/scripts/package-webhook index 505bc85..9bdff4a 100755 --- a/scripts/package-webhook +++ b/scripts/package-webhook @@ -7,15 +7,12 @@ cd $(dirname $0)/.. echo "Packaging webhook..." -# Copy out artifacts -mkdir -p dist/artifacts -cp bin/vm-dhcp-webhook dist/artifacts/vm-dhcp-webhook${SUFFIX} - # Build container images IMAGE=${REPO}/vm-dhcp-webhook:${TAG} DOCKERFILE=package/Dockerfile.webhook -docker build -f ${DOCKERFILE} -t ${IMAGE} . +buildx build --load \ + -f ${DOCKERFILE} -t ${IMAGE} . echo Built ${IMAGE} # Image push (if specified) diff --git a/scripts/validate b/scripts/validate index d774cb0..90d1ce7 100755 --- a/scripts/validate +++ b/scripts/validate @@ -15,4 +15,4 @@ if [ -z "$(command -v golangci-lint)" ]; then fi echo "Running: golangci-lint run" -golangci-lint run +golangci-lint run --timeout 10m