Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[enhancement] Add OCB docker image release #671

Merged
merged 18 commits into from
Oct 21, 2024
Merged
Show file tree
Hide file tree
Changes from 17 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 31 additions & 1 deletion .github/workflows/builder-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@ on:
jobs:
goreleaser:
runs-on: ubuntu-latest

permissions:
id-token: write
packages: write
contents: write

steps:
- name: Checkout Releases Repo
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
Expand All @@ -27,10 +33,32 @@ jobs:
repository: "open-telemetry/opentelemetry-collector"
ref: ${{ github.ref_name }}
path: ".core"
- name: Copy Dockerfile to Core Repo directory
run: cp cmd/builder/Dockerfile .core/cmd/builder/Dockerfile
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
- uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
with:
platforms: amd64, arm64,ppc64le
- uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ~1.23
- name: Log into Docker.io
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Package Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- shell: bash
run: |
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
with:
Expand All @@ -39,4 +67,6 @@ jobs:
args: release --clean -f cmd/builder/.goreleaser.yml
env:
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
COSIGN_YES: true
SKIP_SIGNS: false
12 changes: 11 additions & 1 deletion .github/workflows/builder-testbuild.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,14 @@ jobs:
fetch-depth: 0
repository: "open-telemetry/opentelemetry-collector"
path: ".core"
- name: Copy Dockerfile to Core Repo directory
run: cp cmd/builder/Dockerfile .core/cmd/builder/Dockerfile
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
- uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
with:
platforms: amd64, arm64,ppc64le
- uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
Expand All @@ -57,4 +65,6 @@ jobs:
args: --snapshot --clean -f cmd/builder/.goreleaser.yml
env:
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GH_PAT}}
COSIGN_YES: false
SKIP_SIGNS: true
21 changes: 21 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -73,3 +73,24 @@ push-tags:
@git tag -a ${TAG} -s -m "Version ${TAG}"
@echo "Pushing tag ${TAG}"
@git push ${REMOTE} ${TAG}

# Used for debug only
fatsheep9146 marked this conversation as resolved.
Show resolved Hide resolved
REMOTE?=git@github.com:open-telemetry/opentelemetry-collector-releases.git
.PHONY: delete-tags
delete-tags:
@[ "${TAG}" ] || ( echo ">> env var TAG is not set"; exit 1 )
@echo "Deleting local tag ${TAG}"
@if [ -n "$$(git tag -l ${TAG})" ]; then \
git tag -d ${TAG}; \
fi
@if [ -n "$$(git tag -l cmd/builder/${TAG})" ]; then \
git tag -d cmd/builder/${TAG}; \
fi
@echo "Deleting remote tag ${TAG}"
@git push ${REMOTE} :refs/tags/${TAG}
@git push ${REMOTE} :refs/tags/cmd/builder/${TAG}

# Used for debug only
REMOTE?=git@github.com:open-telemetry/opentelemetry-collector-releases.git
.PHONY: repeat-tags
repeat-tags: delete-tags push-tags
100 changes: 100 additions & 0 deletions cmd/builder/.goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ before:
monorepo:
tag_prefix: cmd/builder/
dir: .core/cmd/builder
version: 2
builds:
- flags:
- -trimpath
Expand All @@ -23,6 +24,80 @@ builds:
- goos: windows
goarch: arm64
binary: ocb
dockers:
- goos: linux
goarch: amd64
dockerfile: Dockerfile
image_templates:
- otel/opentelemetry-collector-builder:{{ .Version }}-amd64
- otel/opentelemetry-collector-builder:latest-amd64
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:{{ .Version }}-amd64
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:latest-amd64
build_flag_templates:
- --pull
- --platform=linux/amd64
- --label=org.opencontainers.image.created={{.Date}}
- --label=org.opencontainers.image.name={{.ProjectName}}
- --label=org.opencontainers.image.revision={{.FullCommit}}
- --label=org.opencontainers.image.version={{.Version}}
- --label=org.opencontainers.image.source={{.GitURL}}
- --label=org.opencontainers.image.licenses=Apache-2.0
- goos: linux
goarch: arm64
dockerfile: Dockerfile
image_templates:
- otel/opentelemetry-collector-builder:{{ .Version }}-arm64
- otel/opentelemetry-collector-builder:latest-arm64
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:{{ .Version }}-arm64
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:latest-arm64
build_flag_templates:
- --pull
- --platform=linux/arm64
- --label=org.opencontainers.image.created={{.Date}}
- --label=org.opencontainers.image.name={{.ProjectName}}
- --label=org.opencontainers.image.revision={{.FullCommit}}
- --label=org.opencontainers.image.version={{.Version}}
- --label=org.opencontainers.image.source={{.GitURL}}
- --label=org.opencontainers.image.licenses=Apache-2.0
- goos: linux
goarch: ppc64le
dockerfile: Dockerfile
image_templates:
- otel/opentelemetry-collector-builder:{{ .Version }}-ppc64le
- otel/opentelemetry-collector-builder:latest-ppc64le
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:{{ .Version }}-ppc64le
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:latest-ppc64le
build_flag_templates:
- --pull
- --platform=linux/ppc64le
- --label=org.opencontainers.image.created={{.Date}}
- --label=org.opencontainers.image.name={{.ProjectName}}
- --label=org.opencontainers.image.revision={{.FullCommit}}
- --label=org.opencontainers.image.version={{.Version}}
- --label=org.opencontainers.image.source={{.GitURL}}
- --label=org.opencontainers.image.licenses=Apache-2.0
use: buildx
docker_manifests:
- name_template: otel/opentelemetry-collector-builder:{{ .Version }}
image_templates:
- otel/opentelemetry-collector-builder:{{ .Version }}-amd64
- otel/opentelemetry-collector-builder:{{ .Version }}-arm64
- otel/opentelemetry-collector-builder:{{ .Version }}-ppc64le
- name_template: otel/opentelemetry-collector-builder:latest
image_templates:
- otel/opentelemetry-collector-builder:latest-amd64
- otel/opentelemetry-collector-builder:latest-arm64
- otel/opentelemetry-collector-builder:latest-ppc64le
- name_template: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:{{ .Version }}
image_templates:
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:{{ .Version }}-amd64
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:{{ .Version }}-arm64
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:{{ .Version }}-ppc64le
- name_template: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:latest
image_templates:
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:latest-amd64
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:latest-arm64
- ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-builder:latest-ppc64le
release:
github:
owner: open-telemetry
Expand All @@ -37,3 +112,28 @@ snapshot:
version_template: "{{ .Tag }}-next"
changelog:
disable: true
signs:
- if: $SKIP_SIGNS != "true"
cmd: cosign
args:
- sign-blob
- --output-signature
- ${artifact}.sig
- --output-certificate
- ${artifact}.pem
- ${artifact}
signature: ${artifact}.sig
artifacts: all
certificate: ${artifact}.pem
docker_signs:
- if: $SKIP_SIGNS != "true"
args:
- sign
- ${artifact}
artifacts: all
sboms:
- id: archive
artifacts: archive
- id: package
artifacts: package

14 changes: 14 additions & 0 deletions cmd/builder/Dockerfile
jackgopack4 marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
FROM golang:1.23-alpine3.20
RUN apk --update add ca-certificates

ARG SERVICE_NAME=ocb

RUN addgroup --gid 10001 --system ${SERVICE_NAME} && \
adduser --ingroup ${SERVICE_NAME} --shell /bin/false \
--disabled-password --uid 10001 ${SERVICE_NAME}

USER ${SERVICE_NAME}
WORKDIR /home/${SERVICE_NAME}

COPY --chmod=755 ocb /usr/local/bin/ocb
ENTRYPOINT [ "ocb" ]