Skip to content

Commit

Permalink
Add CRT docker changes for release workflow
Browse files Browse the repository at this point in the history
  • Loading branch information
@skpratt
skpratt committed Jun 10, 2023
1 parent f07736b commit b26ed7c
Show file tree
Hide file tree
Showing 2 changed files with 77 additions and 3 deletions.
75 changes: 72 additions & 3 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ on:
- main
# Push events to branches matching refs/heads/release/**
- "release/**"
- skpratt/**

env:
PKG_NAME: "consul-k8s"
Expand Down Expand Up @@ -271,6 +272,7 @@ jobs:
unzip -j *.zip
- name: Docker Build (Action)
uses: hashicorp/actions-docker-build@v1
if: ${{ !matrix.fips }}
with:
smoke_test: |
TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
Expand All @@ -291,6 +293,29 @@ jobs:
hashicorppreview/${{ env.repo }}-control-plane:${{ env.version }}
docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.version }}-${{ github.sha }}
- name: Docker FIPS Build (Action)
uses: hashicorp/actions-docker-build@v1
if: ${{ matrix.fips }}
with:
smoke_test: |
TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
if [ "${TEST_VERSION}" != "v${version}" ]; then
echo "Test FAILED"
exit 1
fi
echo "Test PASSED"
version: ${{ env.version }}
target: release-default-fips # duplicate target to distinguish FIPS builds in CRT machinery
arch: ${{ matrix.goarch }}
pkg_name: consul-k8s-control-plane_${{ env.version }}
bin_name: consul-k8s-control-plane
workdir: control-plane
tags: |
docker.io/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }}
dev_tags: |
hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.version }}
docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.version }}-${{ github.sha }}
build-docker-ubi-redhat-registry:
name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI build for RedHat Registry
needs: [get-product-version, build]
Expand Down Expand Up @@ -318,7 +343,9 @@ jobs:
- name: Copy LICENSE
run:
cp LICENSE ./control-plane
- uses: hashicorp/actions-docker-build@v1
- name: Docker Build (Action)
if: ${{ !matrix.fips }}
uses: hashicorp/actions-docker-build@v1
with:
smoke_test: |
TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
Expand All @@ -334,6 +361,24 @@ jobs:
bin_name: consul-k8s-control-plane
workdir: control-plane
redhat_tag: quay.io/redhat-isv-containers/611ca2f89a9b407267837100:${{env.version}}-ubi
- name: Docker FIPS Build (Action)
if: ${{ matrix.fips }}
uses: hashicorp/actions-docker-build@v1
with:
smoke_test: |
TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
if [ "${TEST_VERSION}" != "v${version}" ]; then
echo "Test FAILED"
exit 1
fi
echo "Test PASSED"
version: ${{ env.version }}
target: ubi-fips # duplicate target to distinguish FIPS builds in CRT machinery
arch: ${{ matrix.arch }}
pkg_name: consul-k8s-control-plane_${{ env.version }}
bin_name: consul-k8s-control-plane
workdir: control-plane
redhat_tag: quay.io/redhat-isv-containers/6483ed53b430df51b731406c:${{env.version}}-ubi # this is different than the non-FIPS one

build-docker-ubi-dockerhub:
name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI build for DockerHub
Expand Down Expand Up @@ -361,7 +406,9 @@ jobs:
- name: Copy LICENSE
run:
cp LICENSE ./control-plane
- uses: hashicorp/actions-docker-build@v1
- name: Docker Build (Action)
uses: hashicorp/actions-docker-build@v1
if: ${{ !matrix.fips }}
with:
smoke_test: |
TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
Expand All @@ -380,4 +427,26 @@ jobs:
docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}-ubi
dev_tags: |
hashicorppreview/${{ env.repo }}-control-plane:${{ env.version }}-ubi
docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.version }}-ubi-${{ github.sha }}
docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.version }}-ubi-${{ github.sha }}
- name: Docker FIPS Build (Action)
uses: hashicorp/actions-docker-build@v1
if: ${{ matrix.fips }}
with:
smoke_test: |
TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
if [ "${TEST_VERSION}" != "v${version}" ]; then
echo "Test FAILED"
exit 1
fi
echo "Test PASSED"
version: ${{ env.version }}
target: ubi-fips # duplicate target to distinguish FIPS builds in CRT machinery
arch: ${{ matrix.arch }}
pkg_name: consul-k8s-control-plane_${{ env.version }}
bin_name: consul-k8s-control-plane
workdir: control-plane
tags: |
docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}-ubi
dev_tags: |
hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.version }}-ubi
docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.version }}-ubi-${{ github.sha }}
5 changes: 5 additions & 0 deletions control-plane/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,9 @@ COPY dist/cni/${TARGETOS}/${TARGETARCH}/${CNI_BIN_NAME} /bin/
USER 100
CMD /bin/${BIN_NAME}

# Duplicate target for FIPS builds
FROM release-default AS release-default-fips

# -----------------------------------
# Dockerfile target for consul-k8s with UBI as its base image. Used for running on
# OpenShift.
Expand Down Expand Up @@ -175,6 +178,8 @@ COPY dist/cni/${TARGETOS}/${TARGETARCH}/${CNI_BIN_NAME} /bin/
USER 100
CMD /bin/${BIN_NAME}

# Duplicate target for FIPS builds
FROM ubi AS ubi-fips
# ===================================
#
# Set default target to 'dev'.
Expand Down

0 comments on commit b26ed7c

Please sign in to comment.