replace skopeo action with skopeo image #5760

Merged
merged 5 commits into from
Jun 14, 2024
33 changes: 0 additions & 33 deletions .github/actions/install-skopeo/action.yml

This file was deleted.

47 changes: 26 additions & 21 deletions .github/scripts/copy-images.sh
@@ -2,6 +2,14 @@

set -eo pipefail

# shellcheck disable=SC2155
export ROOTDIR=$(git rev-parse --show-toplevel || echo ".")

SKOPEO_BIN=skopeo
if [ -n "$CI" ]; then
SKOPEO_BIN="docker run --rm -v $HOME/.docker/config.json:/tmp/auth.json $(grep skopeo "${ROOTDIR}/tests/Dockerfile" | grep FROM | cut -d ' ' -f 2)"
fi

## Setup inputs

SOURCE_TAG=${SOURCE_TAG:-stable}
@@ -31,22 +39,19 @@ SOURCE_NAP_WAF_IMAGE_PREFIX=${SOURCE_NAP_WAF_IMAGE_PREFIX:-"nginx-ic-nap/nginx-p
SOURCE_NAP_WAFV5_IMAGE_PREFIX=${SOURCE_NAP_WAFV5_IMAGE_PREFIX:-"nginx-ic-nap-v5/nginx-plus-ingress"}
SOURCE_NAP_DOS_IMAGE_PREFIX=${SOURCE_NAP_DOS_IMAGE_PREFIX:-"nginx-ic-dos/nginx-plus-ingress"}
SOURCE_NAP_WAF_DOS_IMAGE_PREFIX=${SOURCE_NAP_WAF_DOS_IMAGE_PREFIX:-"nginx-ic-dos-nap/nginx-plus-ingress"}
SOURCE_NAP_WAFV5_DOS_IMAGE_PREFIX=${SOURCE_NAP_WAFV5_DOS_IMAGE_PREFIX:-"nginx-ic-dos-nap-v5/nginx-plus-ingress"}

TARGET_PLUS_IMAGE_PREFIX=${TARGET_PLUS_IMAGE_PREFIX:-"nginx-ic/nginx-plus-ingress"}
TARGET_NAP_WAF_IMAGE_PREFIX=${TARGET_NAP_WAF_IMAGE_PREFIX:-"nginx-ic-nap/nginx-plus-ingress"}
TARGET_NAP_WAFV5_IMAGE_PREFIX=${TARGET_NAP_WAFV5_IMAGE_PREFIX:-"nginx-ic-nap/nginx-plus-ingress"}
TARGET_NAP_DOS_IMAGE_PREFIX=${TARGET_NAP_DOS_IMAGE_PREFIX:-"nginx-ic-dos/nginx-plus-ingress"}
TARGET_NAP_WAF_DOS_IMAGE_PREFIX=${TARGET_NAP_WAF_DOS_IMAGE_PREFIX:-"nginx-ic-dos-nap/nginx-plus-ingress"}
TARGET_NAP_WAFV5_DOS_IMAGE_PREFIX=${TARGET_NAP_WAFV5_DOS_IMAGE_PREFIX:-"nginx-ic-dos-nap-v5/nginx-plus-ingress"}

declare -a OSS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine")
declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips")
declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips")
declare -a NAP_WAFV5_TAG_POSTFIX_LIST=()
declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips")
declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi")
declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi")
declare -a NAP_WAFV5_DOS_TAG_POSTFIX_LIST=()
declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")

CONFIG_PATH=${CONFIG_PATH:-~/.nic-release/config}
@@ -89,7 +94,7 @@ if $PUBLISH_OSS; then
new_tag=${TARGET_REGISTRY}/${TARGET_OSS_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
echo " Pushing image OSS ${new_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -98,7 +103,7 @@ if $PUBLISH_OSS; then
additional_tag=${TARGET_REGISTRY}/${TARGET_OSS_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image OSS ${additional_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
done
@@ -111,12 +116,12 @@ if $PUBLISH_PLUS; then
image=${SOURCE_REGISTRY}/${SOURCE_PLUS_IMAGE_PREFIX}:${SOURCE_TAG}${postfix}
echo "Processing image ${image}"
new_tag=${TARGET_REGISTRY}/${TARGET_PLUS_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
if $IS_IMMUTABLE && skopeo --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
if $IS_IMMUTABLE && ${SKOPEO_BIN} --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
echo " ECR is immutable & tag ${new_tag} already exists, skipping."
else
echo " Pushing image Plus ${new_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -125,7 +130,7 @@ if $PUBLISH_PLUS; then
additional_tag=${TARGET_REGISTRY}/${TARGET_PLUS_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image Plus ${additional_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
fi
@@ -139,12 +144,12 @@ if $PUBLISH_WAF; then
image=${SOURCE_REGISTRY}/${SOURCE_NAP_WAF_IMAGE_PREFIX}:${SOURCE_TAG}${postfix}
echo "Processing image ${image}"
new_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAF_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
if $IS_IMMUTABLE && skopeo --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
if $IS_IMMUTABLE && ${SKOPEO_BIN} --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
echo " ECR is immutable & tag ${new_tag} already exists, skipping."
else
echo " Pushing image NAP WAF ${new_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -153,7 +158,7 @@ if $PUBLISH_WAF; then
additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAF_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image NAP WAF ${additional_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
fi
@@ -162,12 +167,12 @@ if $PUBLISH_WAF; then
image=${SOURCE_REGISTRY}/${SOURCE_NAP_WAFV5_IMAGE_PREFIX}:${SOURCE_TAG}${postfix}
echo "Processing image ${image}"
new_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAFV5_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
if $IS_IMMUTABLE && skopeo --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
if $IS_IMMUTABLE && ${SKOPEO_BIN} --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
echo " ECR is immutable & tag ${new_tag} already exists, skipping."
else
echo " Pushing image NAP WAFV5 ${new_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -176,7 +181,7 @@ if $PUBLISH_WAF; then
additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAFV5_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image NAP WAFV5 ${additional_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
fi
@@ -190,12 +195,12 @@ if $PUBLISH_DOS; then
image=${SOURCE_REGISTRY}/${SOURCE_NAP_DOS_IMAGE_PREFIX}:${SOURCE_TAG}${postfix}
echo "Processing image ${image}"
new_tag=${TARGET_REGISTRY}/${TARGET_NAP_DOS_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
if $IS_IMMUTABLE && skopeo --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
if $IS_IMMUTABLE && ${SKOPEO_BIN} --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
echo " ECR is immutable & tag ${new_tag} already exists, skipping."
else
echo " Pushing image NAP DOS ${new_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -204,7 +209,7 @@ if $PUBLISH_DOS; then
additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_DOS_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image NAP DOS ${additional_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
fi
@@ -218,12 +223,12 @@ if $PUBLISH_WAF_DOS; then
image=${SOURCE_REGISTRY}/${SOURCE_NAP_WAF_DOS_IMAGE_PREFIX}:${SOURCE_TAG}${postfix}
echo "Processing image ${image}"
new_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAF_DOS_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
if $IS_IMMUTABLE && skopeo --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
if $IS_IMMUTABLE && ${SKOPEO_BIN} --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
echo " ECR is immutable & tag ${new_tag} already exists, skipping."
else
echo " Pushing image NAP WAF/DOS ${new_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -232,7 +237,7 @@ if $PUBLISH_WAF_DOS; then
additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAF_DOS_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image NAP WAF/DOS ${additional_tag}..."
if ! $DRY_RUN; then
skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
fi
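Review bot: The CI branch that builds `SKOPEO_BIN` bind-mounts `$HOME/.docker/config.json` (the runner's registry credentials) read-write into a container whose image name is whatever `grep skopeo … | grep FROM | cut -d ' ' -f 2` extracts from `tests/Dockerfile`. The mount can be read-only, `-v $HOME/.docker/config.json:/tmp/auth.json:ro`, and the image reference is worth resolving into its own variable and checking that it is exactly one non-empty token before it is spliced into the command string. Whether that `FROM` line pins the image by digest is not visible on this page; since this container performs the pushes to the release registries, a digest pin would be the safer form. The hunks show only parts of the script, so how skopeo is pointed at `/tmp/auth.json` (presumably through `SOURCE_OPTS`/`TARGET_OPTS`) cannot be confirmed from here.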
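--- a/.github/scripts/create-release-tarballs.sh
+++ b/.github/scripts/create-release-tarballs.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -e
+
+directory=$1
+version=$2
+tarball_dir=${TARBALL_DIR:-tarballs}
+releases=$(find "${directory}" -mindepth 1 -type d)
+syft_binary=${SYFT_BIN:-"syft"}
+cosign_binary=${COSIGN_BIN:-"cosign"}
+
+if [ ! -d "${tarball_dir}" ]; then
+mkdir "${tarball_dir}"
+fi
+
+for i in ${releases}; do
+# fix for v1 in kubernetes-ingress_linux_amd64_v1
+if [[ ${i} =~ v1 ]]; then
+mv "${i}" "${i%*_v1}"
+i=${i%*_v1}
+fi
+
+if [[ ${i} =~ aws ]]; then
+continue
+fi
+product_name=$(basename "${i}" | cut -d '_' -f 1)
+product_arch=$(echo "${i}" | cut -d '_' -f 2-)
+product_release="${product_name}_${version}_${product_arch}"
+# shellcheck disable=SC2086
+tarball_name="${tarball_dir}/${product_release}.tar.gz"
+cp -r "${i}" "${directory}/${product_release}"
+cp README.md LICENSE CHANGELOG.md "${directory}/${product_release}"
+
+tar -czf "${tarball_name}" "${directory}/${product_release}"
+${syft_binary} scan file:"${directory}/${product_release}/nginx-ingress" -o spdx-json > "${tarball_name}.spdx.json"
+pushd "${tarball_dir}"
+sha256sum "${product_release}.tar.gz" >> "${product_name}_${version}_checksums.txt"
+sha256sum "${product_release}.tar.gz.spdx.json" >> "${product_name}_${version}_checksums.txt"
+popd
+done
+
+checksum_file=$(ls "${tarball_dir}"/*_checksums.txt )
+${cosign_binary} sign-blob "${checksum_file}" --output-signature="${checksum_file}.sig" --output-certificate="${checksum_file}.pem" -y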
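Review bot: The signing step at the end assumes exactly one checksum file, but `checksum_file=$(ls "${tarball_dir}"/*_checksums.txt )` returns every match joined by newlines, so a second product name or a file left behind in a reused `TARBALL_DIR` hands `cosign sign-blob` a path that does not exist. Because the loop appends with `>>` and the directory is only created when missing, a rerun can also leave stale hashes in the file that gets signed. Starting from an empty output directory (or truncating the checksum file before the loop) and signing each match in a glob loop, `for f in "${tarball_dir}"/*_checksums.txt; do … sign-blob "${f}" …; done`, would keep the signed blob deterministic. Two smaller points in the loop: `[[ ${i} =~ v1 ]]` matches `v1` anywhere in the path while `${i%*_v1}` strips only a suffix, so `[[ ${i} == *_v1 ]]` states the intent, and `product_arch` is cut from the full path `${i}` rather than from its basename like `product_name`, which goes wrong if `${directory}` contains an underscore.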
15 changes: 0 additions & 15 deletions .github/workflows/oss-release.yml
@@ -94,9 +94,6 @@ jobs:
username: oauth2accesstoken
password: ${{ steps.gcr-auth.outputs.access_token }}

- name: Install latest skopeo
uses: ./.github/actions/install-skopeo

- name: Publish OSS images
run: |
export CONFIG_PATH=.github/config/config-oss-gcr-release
@@ -147,9 +144,6 @@ jobs:
with:
registry: public.ecr.aws

- name: Install latest skopeo
uses: ./.github/actions/install-skopeo

- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-oss-ecr
@@ -195,9 +189,6 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}

- name: Install latest skopeo
uses: ./.github/actions/install-skopeo

- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-oss-dockerhub
@@ -244,9 +235,6 @@ jobs:
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}

- name: Install latest skopeo
uses: ./.github/actions/install-skopeo

- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-oss-quay
@@ -294,9 +282,6 @@ jobs:
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Install latest skopeo
uses: ./.github/actions/install-skopeo

- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-oss-github
15 changes: 0 additions & 15 deletions .github/workflows/plus-release.yml
@@ -94,9 +94,6 @@ jobs:
username: oauth2accesstoken
password: ${{ steps.gcr-auth.outputs.access_token }}

- name: Install latest skopeo
uses: ./.github/actions/install-skopeo

- name: Publish Plus images
run: |
export CONFIG_PATH=.github/config/config-plus-gcr-release
@@ -151,9 +148,6 @@ jobs:
username: ${{ steps.idtoken.outputs.id_token }}
password: ${{ github.actor }}

- name: Install latest skopeo
uses: ./.github/actions/install-skopeo

- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-plus-nginx
@@ -194,9 +188,6 @@ jobs:
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY_MKTPL }}
service_account: ${{ secrets.GCR_SERVICE_ACCOUNT_MKTPL }}

- name: Install latest skopeo
uses: ./.github/actions/install-skopeo

- name: Publish Plus images
run: |
export CONFIG_PATH=.github/config/config-plus-gcr-public
@@ -249,9 +240,6 @@ jobs:
with:
registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com

- name: Install latest skopeo
uses: ./.github/actions/install-skopeo

- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-plus-ecr
@@ -295,9 +283,6 @@ jobs:
username: ${{ secrets.AZ_MKTPL_ID }}
password: ${{ secrets.AZ_MKTPL_SECRET }}

- name: Install latest skopeo
uses: ./.github/actions/install-skopeo

- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-plus-azure