Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pr/michi/release image workflow #2882

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
+113 −21
Draft

Pr/michi/release image workflow #2882

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
aed83dc
Enable multi-arch Docker build
marcofranssen Aug 29, 2024
f996cce
Use different GitHub environment for the images
marcofranssen Nov 27, 2024
d2ae246
no curl
michi-covalent Dec 8, 2024
c6cfc8b
Add release image workflow
michi-covalent Dec 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 15 additions & 10 deletions .github/workflows/images.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,14 +20,19 @@ concurrency:
jobs:
build-and-push-prs:
if: ${{ github.repository == 'cilium/cilium-cli' }}
environment: ci
environment: ${{ matrix.gh-env }}
runs-on: ubuntu-24.04
strategy:
matrix:
include:
- name: cilium-cli
dockerfile: ./Dockerfile
platforms: linux/amd64,linux/arm64
gh-env: release
- name: cilium-cli-ci
dockerfile: ./Dockerfile
platforms: linux/amd64
gh-env: ci

steps:
- name: Set up Docker Buildx
Expand Down Expand Up @@ -57,10 +62,10 @@ jobs:
ref: ${{ steps.tag.outputs.tag }}

# main branch or tag pushes
- name: CI Build ${{ matrix.name }}
- name: Build ${{ matrix.name }}
if: ${{ github.event_name != 'pull_request_target' }}
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
id: docker_build_ci_main
id: docker_build_main
with:
context: .
file: ${{ matrix.dockerfile }}
Expand All @@ -71,19 +76,19 @@ jobs:
quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest
quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}

- name: CI Image Releases digests
- name: Image Releases digests
if: ${{ github.event_name != 'pull_request_target' }}
shell: bash
run: |
mkdir -p image-digest/
echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest@${{ steps.docker_build_ci_main.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_main.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest@${{ steps.docker_build_main.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_main.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt

# PR updates
- name: CI Build ${{ matrix.name }}
- name: Build ${{ matrix.name }}
if: ${{ github.event_name == 'pull_request_target' }}
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
id: docker_build_ci_pr
id: docker_build_pr
with:
context: .
file: ${{ matrix.dockerfile }}
Expand All @@ -93,12 +98,12 @@ jobs:
tags: |
quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}

- name: CI Image Releases digests
- name: Image Releases digests
if: ${{ github.event_name == 'pull_request_target' }}
shell: bash
run: |
mkdir -p image-digest/
echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt

# Upload artifact digests
- name: Upload artifact digests
Expand Down
74 changes: 74 additions & 0 deletions .github/workflows/release-image.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
on:
push:
tags:
- 'v*'

name: Release Image

jobs:
build-image:
name: Create Release Image
runs-on: ubuntu-24.04
environment: release
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1

- name: Login to quay.io for release
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: quay.io
username: ${{ secrets.QUAY_RELEASE_USERNAME }}
password: ${{ secrets.QUAY_RELEASE_TOKEN }}

- name: Checkout Source Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Release Image Build cilium-cli
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
id: docker_build_release
with:
context: .
file: Dockerfile
target: cilium-cli
platforms: linux/amd64,linux/arm64
push: true
tags: |
quay.io/${{ github.repository_owner }}/cilium-cli:latest
quay.io/${{ github.repository_owner }}/cilium-cli:${{ github.ref_name }}

- name: Release Image digest
shell: bash
run: |
mkdir -p image-digest/
echo "quay.io/${{ github.repository_owner }}/cilium-cli:latest@${{ steps.docker_build_release.outputs.digest }}" > image-digest/cilium-cli.txt
echo "quay.io/${{ github.repository_owner }}/cilium-cli:${{ github.ref_name }}@${{ steps.docker_build_release.outputs.digest }}" >> image-digest/cilium-cli.txt

- name: Upload artifact digests
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: image-digest cilium-cli
path: image-digest
retention-days: 1

image-digests:
name: Display Digests
runs-on: ubuntu-24.04
needs: [build-image]
steps:
- name: Downloading Image Digests
shell: bash
run: |
mkdir -p image-digest/

- name: Download digests of all images built
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: image-digest/
pattern: "*image-digest *"

- name: Image Digests Output
shell: bash
run: |
cd image-digest/
find -type f | sort | xargs -d '\n' cat
31 changes: 23 additions & 8 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,26 +3,41 @@
# Copyright Authors of Cilium
# SPDX-License-Identifier: Apache-2.0

FROM docker.io/library/golang:1.23.4-alpine3.19@sha256:5f3336882ad15d10ac1b59fbaba7cb84c35d4623774198b36ae60edeba45fd84 AS builder
FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.23.4-alpine3.19@sha256:5f3336882ad15d10ac1b59fbaba7cb84c35d4623774198b36ae60edeba45fd84 AS base
RUN apk add --no-cache --update ca-certificates git make
WORKDIR /go/src/github.com/cilium/cilium-cli
RUN apk add --no-cache curl git make ca-certificates
COPY go.* .
RUN --mount=type=cache,target=/go/pkg/mod go mod download
COPY . .
RUN make

# xx is a helper for cross-compilation
FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.5.0@sha256:0c6a569797744e45955f39d4f7538ac344bfb7ebf0a54006a0a4297b153ccf0f AS xx

FROM --platform=${BUILDPLATFORM} base AS builder
ARG TARGETPLATFORM
ARG TARGETARCH
COPY --link --from=xx / /
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
xx-go --wrap && \
make && \
xx-verify --static /go/src/github.com/cilium/cilium-cli/cilium

# cilium-cli is from scratch only including cilium binaries
FROM scratch AS cilium-cli
ENTRYPOINT ["cilium"]
FROM --platform=${BUILDPLATFORM} scratch AS cilium-cli
ENTRYPOINT [""]
USER 1000:1000
LABEL maintainer="[email protected]"
WORKDIR /root/app
COPY --from=builder --chown=root:root --chmod=755 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium
COPY --link --from=builder --chown=root:root --chmod=755 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --link --from=builder --chown=1000:1000 --chmod=755 /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium

# cilium-cli-ci is based on ubuntu with cloud CLIs
FROM ubuntu:24.04@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab AS cilium-cli-ci
ENTRYPOINT []
LABEL maintainer="[email protected]"
WORKDIR /root/app
COPY --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium
COPY --link --from=builder /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium

# Install cloud CLIs. Based on these instructions:
# - https://cloud.google.com/sdk/docs/install#deb
Expand Down
4 changes: 1 addition & 3 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,13 @@ GO_TAGS ?=
TARGET=cilium
INSTALL = $(QUIET)install
BINDIR ?= /usr/local/bin
CILIUM_VERSION=$(shell curl -s https://raw.githubusercontent.com/cilium/cilium/main/stable.txt)
CLI_VERSION=$(shell git describe --tags --always)
STRIP_DEBUG=-w -s
ifdef DEBUG
STRIP_DEBUG=
endif
GO_BUILD_LDFLAGS ?= $(STRIP_DEBUG) \
-X 'github.com/cilium/cilium/cilium-cli/defaults.CLIVersion=$(CLI_VERSION)' \
-X 'github.com/cilium/cilium/cilium-cli/defaults.Version=$(CILIUM_VERSION)'
-X 'github.com/cilium/cilium/cilium-cli/defaults.CLIVersion=$(CLI_VERSION)'

TEST_TIMEOUT ?= 5s
RELEASE_UID ?= $(shell id -u)
Expand Down
Loading