Merge pull request #470 from cpanato/updates

Updates for ci/images/makefile
kubernetes-sigs · Mar 14, 2023 · c60dea6 · c60dea6
2 parents 1df0fc4 + 8601084
commit c60dea6
Show file tree

Hide file tree

Showing 11 changed files with 229 additions and 110 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -3,55 +3,46 @@ name: Release
 on:
   push:
     tags:
-    - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
+      - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
 
 jobs:
   release:
     runs-on: ubuntu-latest
 
     permissions:
       id-token: write
-      packages: write
       contents: write
 
     env:
       GOPATH: ${{ github.workspace }}
-      GO111MODULE: on
-      COSIGN_EXPERIMENTAL: "true"
+      COSIGN_YES: "true"
 
     steps:
+    - name: Check out code onto GOPATH
+      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      with:
+        fetch-depth: 1
+        path: ./src/github.com/${{ github.repository }}
+
     - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v3.3.0
       with:
         go-version: 1.20
         check-latest: true
 
     - name: Install ko
-      uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
+      uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
 
     - name: Install cosign
-      uses: sigstore/cosign-installer@ced07f21fb1da67979f539bbc6304c16c0677e76 # v2.7.0
+      uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
 
     - name: Install GoReleaser
-      uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # v3.1.0
+      uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0
       with:
         install-only: true
 
-    - name: Log into ghcr.io
-      uses: docker/login-action@v1
-      with:
-        registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Check out code onto GOPATH
-      uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0
-      with:
-        fetch-depth: 1
-        path: ./src/github.com/${{ github.repository }}
-
     - name: Get TAG
       id: get_tag
-      run: echo ::set-output name=TAG::${GITHUB_REF#refs/tags/}
+      run: echo "TAG=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT"
 
     - name: Run goreleaser
       working-directory: ./src/github.com/${{ github.repository }}

diff --git a/.gitignore b/.gitignore
@@ -1,8 +1,9 @@
 coverage.out
 .DS_Store
 dist/
+output/
 bin/
 .idea
 /zeitgeist
 /imagerefs
-.vscode/*
+.vscode/*
diff --git a/.go-version b/.go-version
@@ -0,0 +1 @@
+1.20.2
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -1,59 +1,89 @@
 project_name: zeitgeist
 
 env:
-- GO111MODULE=on
-- CGO_ENABLED=0
-- COSIGN_EXPERIMENTAL=true
+  - GO111MODULE=on
+  - CGO_ENABLED=0
+  - COSIGN_YES="true"
 
 before:
   hooks:
-  - go mod tidy
-  - /bin/bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi'
-  - /bin/bash -c 'make ko-release'
-  - /bin/bash -c 'make sign-images'
+    - go mod tidy
+    - /bin/bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi'
 
 gomod:
   proxy: true
 
 builds:
-- goos:
-  - darwin
-  - linux
-  - windows
-  goarch:
-  - amd64
-  - arm64
-  - arm
-  - s390x
-  - ppc64le
-  goarm:
-  - '7'
-  ignore:
-  - goos: windows
-    goarch: arm64
-  - goos: windows
-    goarch: arm
-  - goos: windows
-    goarch: s390x
-  - goos: windows
-    goarch: ppc64le
-  flags:
-  - -trimpath
-  ldflags:
-  - "{{ .Env.LDFLAGS }}"
+  - id: zeitgeist
+    binary: zeitgeist
+    goos:
+      - darwin
+      - linux
+      - windows
+    goarch:
+      - amd64
+      - arm64
+      - arm
+      - s390x
+      - ppc64le
+    goarm:
+      - '7'
+    ignore:
+      - goos: windows
+        goarch: arm64
+      - goos: windows
+        goarch: arm
+      - goos: windows
+        goarch: s390x
+      - goos: windows
+        goarch: ppc64le
+    flags:
+      - -trimpath
+    ldflags:
+      - "{{ .Env.LDFLAGS }}"
+
+  - id: buoy
+    dir: ./buoy
+    binary: buoy
+    main: .
+    goos:
+      - darwin
+      - linux
+      - windows
+    goarch:
+      - amd64
+      - arm64
+      - arm
+      - s390x
+      - ppc64le
+    goarm:
+      - '7'
+    ignore:
+      - goos: windows
+        goarch: arm64
+      - goos: windows
+        goarch: arm
+      - goos: windows
+        goarch: s390x
+      - goos: windows
+        goarch: ppc64le
+    flags:
+      - -trimpath
+    ldflags:
+      - "{{ .Env.LDFLAGS }}"
 
 archives:
-- format: binary
-  allow_different_binary_count: true
+  - format: binary
+    allow_different_binary_count: true
 
 signs:
-# Keyless
-- id: cosign-keyless
-  signature: "${artifact}.sig"
-  certificate: "${artifact}.pem"
-  cmd: cosign
-  args: ["sign-blob", "--output-signature", "${artifact}.sig", "--output-certificate", "${artifact}.pem", "${artifact}"]
-  artifacts: all
+  # Keyless
+  - id: zeitgeist-keyless
+    signature: "${artifact}.sig"
+    certificate: "${artifact}.pem"
+    cmd: cosign
+    args: ["sign-blob", "--output-signature", "${artifact}.sig", "--output-certificate", "${artifact}.pem", "${artifact}"]
+    artifacts: all
 
 checksum:
   name_template: 'checksums.txt'
@@ -71,5 +101,5 @@ changelog:
   sort: asc
   filters:
     exclude:
-    - '^docs:'
-    - '^test:'
+      - '^docs:'
+      - '^test:'
diff --git a/.ko.yaml b/.ko.yaml
@@ -1,17 +1,33 @@
-defaultBaseImage: gcr.io/distroless/base:nonroot
+---
+defaultBaseImage: cgr.dev/chainguard/static:latest
 
 builds:
-- id: zeitgeist
-  dir: .
-  main: .
-  env:
-  - CGO_ENABLED=0
-  flags:
-  - -trimpath
-  - -tags
-  - nostackdriver
-  ldflags:
-  - -s
-  - -w
-  - -extldflags "-static"
-  - "{{ .Env.LDFLAGS }}"
+  - id: zeitgeist
+    dir: .
+    main: .
+    env:
+      - CGO_ENABLED=0
+    flags:
+      - -trimpath
+      - -tags
+      - nostackdriver
+    ldflags:
+      - -s
+      - -w
+      - -extldflags "-static"
+      - "{{ .Env.LDFLAGS }}"
+
+  - id: buoy
+    dir: .
+    main: ./buoy
+    env:
+      - CGO_ENABLED=0
+    flags:
+      - -trimpath
+      - -tags
+      - nostackdriver
+    ldflags:
+      - -s
+      - -w
+      - -extldflags "-static"
+      - "{{ .Env.LDFLAGS }}"
diff --git a/Makefile b/Makefile
@@ -42,14 +42,18 @@ LDFLAGS=-buildid= -X sigs.k8s.io/release-utils/version.gitVersion=$(GIT_VERSION)
         -X sigs.k8s.io/release-utils/version.gitTreeState=$(GIT_TREESTATE) \
         -X sigs.k8s.io/release-utils/version.buildDate=$(BUILD_DATE)
 
-KO_DOCKER_REPO ?= ghcr.io/kubernetes-sigs
+KO_DOCKER_REPO ?= gcr.io/k8s-staging-zeitgeist
+export KO_DOCKER_REPO
 
 build: ## Build zeitgeist
-	go build -trimpath -ldflags "$(LDFLAGS)"
+	go build -trimpath -ldflags "$(LDFLAGS)" -o ./output/zeitgeist .
+	cd buoy && go build -trimpath -ldflags "$(LDFLAGS)"  -o ../output/buoy .
 
-ko-local: ## Build zeitgeist image locally (does not push it)
-	LDFLAGS="$(LDFLAGS)" \
-	ko build --local --tags $(GIT_VERSION),latest --base-import-paths --platform=all .
+ko-local: ## Build zeitgeist/buoy image locally (does not push it)
+	LDFLAGS="$(LDFLAGS)" KO_DOCKER_REPO=ko.local \
+	ko build --base-import-paths sigs.k8s.io/zeitgeist
+	LDFLAGS="$(LDFLAGS)" KO_DOCKER_REPO=ko.local \
+	ko build --base-import-paths sigs.k8s.io/zeitgeist/buoy
 
 .PHONY: snapshot
 snapshot: ## Build zeitgeist binaries with goreleaser in snapshot mode
@@ -90,12 +94,21 @@ goreleaser: ## Build zeitgeist binaries with goreleaser
 	goreleaser release --rm-dist
 
 .PHONY: ko-release
-ko-release: ## Build zeitgeist image
+ko-release: ko-release-zeitgeist ko-release-buoy
+
+.PHONY: ko-release-zeitgeist
+ko-release-zeitgeist: ## Build zeitgeist image
+	LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
+	ko build --base-import-paths \
+	--platform=all --tags $(GIT_VERSION),$(GIT_HASH),latest --image-refs imagerefs sigs.k8s.io/zeitgeist
+
+.PHONY: ko-release-buoy
+ko-release-buoy: ## Build zeitgeist image
 	LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
 	ko build --base-import-paths \
-	--platform=all --tags $(GIT_VERSION),$(GIT_HASH),latest --image-refs imagerefs .
+	--platform=all --tags $(GIT_VERSION),$(GIT_HASH),latest --image-refs imagerefs_buoy sigs.k8s.io/zeitgeist/buoy
 
-imagerefs := $(shell cat imagerefs testimagerefs)
+imagerefs := $(shell cat imagerefs imagerefs_buoy)
 sign-refs := $(foreach ref,$(imagerefs),$(ref))
 .PHONY: sign-images
 sign-images:

diff --git a/buoy/go.mod b/buoy/go.mod
@@ -15,7 +15,7 @@ require (
 )
 
 require (
-	github.com/Microsoft/go-winio v0.5.2 // indirect
+	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/cloudflare/circl v1.1.0 // indirect
@@ -27,16 +27,18 @@ require (
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/kr/pretty v0.2.1 // indirect
+	github.com/kr/pretty v0.3.0 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/rogpeppe/go-internal v1.8.0 // indirect
+	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/skeema/knownhosts v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	golang.org/x/crypto v0.3.0 // indirect
+	golang.org/x/crypto v0.5.0 // indirect
 	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/tools v0.6.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect