evrardjp · pull · Jun 19, 2023 · Jun 22, 2023 · Jun 22, 2023 · Jun 22, 2023
diff --git a/.DS_Store b/.DS_Store
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,45 +1,57 @@
-name: build
+name: pr
 
 on:
   push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
   pull_request:
-    branches:
-      - 'master'
+
+env:
+  REGISTRY: ghcr.io
 
 jobs:
-  release:
-    name: Create Build
+  pr-tests:
+    name: Build and test images
     runs-on: ubuntu-latest
     strategy:
       matrix:
         component: [webhook, api, operator]
+        arch: [amd64]
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v3
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Find current tag version
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+        id: tags
+
+      - uses: actions/setup-go@v5
         with:
-          images: cagip/kubi-${{ matrix.component }}
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+          go-version: '1.23'
+
+      - name: run tests
+        run: make test
+
+      - uses: goreleaser/goreleaser-action@v6
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
+          distribution: goreleaser
+          version: v2.5.0
+          args: release --snapshot --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ORG: ${{ github.REPOSITORY_OWNER }}
+
+      - name: Login to container registry
+        # Pull requests are targetting ca-gip/kubi and should not push an image
+        # Only push images for the fork's repository
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
         with:
-          context: .
-          file: Dockerfile.${{ matrix.component }}
-          push: ${{ GitHub.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push development image into ghcr (packages)
+        # Pull requests are targetting ca-gip/kubi and should not push an image
+        # Only push images for the fork's repository
+        if: github.event_name != 'pull_request'
+        run: |
+          docker push ${{ env.REGISTRY }}/${{ github.REPOSITORY_OWNER }}/kubi-${{ matrix.component }}:${{ steps.tags.outputs.sha_short }}-${{ matrix.arch }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,31 +1,67 @@
-name: release
+name: Tag repo
 
 on:
   push:
     tags:
       - "*"
 
+env:
+  REGISTRY: docker.io
+
+permissions:
+  contents: read
+
 jobs:
   release:
-    name: Create Release
+    permissions:
+      id-token: write
+      contents: write
+      packages: write
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        component: [webhook, api, operator]
+        arch: [amd64]
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      -
-        name: Set up Go
-        uses: actions/setup-go@v2
+      - run: git fetch --force --tags
+
+      - name: Find current sha version
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+        id: sha
+
+      - name: Find current tag version
+        run: echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+        id: tag
+
+      - uses: actions/setup-go@v5
         with:
-          go-version: 1.17
-      -
-        name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+          go-version: '1.23'
+
+      - name: run tests to ensure it is still releasable
+        run: make test
+
+      - uses: goreleaser/goreleaser-action@v6
         with:
-          version: latest
-          args: release --rm-dist
-          workdir: ./cmd/operator
+          distribution: goreleaser
+          version: v2.5.0
+          args: release --snapshot --clean
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ORG: ${{ github.REPOSITORY_OWNER }}
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Push development image into dockerhub
+        run: |
+          docker images #display currently built images to ensure next calls will happen correctly
+          docker tag ghcr.io/ca-gip/kubi-${{ matrix.component }}:${{ steps.sha.outputs.sha_short }}-${{ matrix.arch }} cagip/kubi-${{ matrix.component }}:${{ steps.sha.outputs.sha_short }}-${{ matrix.arch }}
+          docker push cagip/kubi-${{ matrix.component }}:${{ steps.sha.outputs.sha_short }}-${{ matrix.arch }}
+          docker tag ghcr.io/ca-gip/kubi-${{ matrix.component }}:${{ steps.sha.outputs.sha_short }}-${{ matrix.arch }} cagip/kubi-${{ matrix.component }}:${{ steps.tag.outputs.version }}
+          docker push cagip/kubi-${{ matrix.component }}:${{ steps.tag.outputs.version }}
diff --git a/.gitignore b/.gitignore
@@ -3,4 +3,5 @@ vendor
 coverage.*
 kubi
 bin
-build/*
+hack/bin
+dist/
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -0,0 +1,115 @@
+version: 2
+project_name: kubi
+before:
+  hooks:
+    - make clean
+    - make deps
+builds:
+  - main: ./cmd/api/main.go
+    id: api
+    binary: kubi-api
+    env:
+      - CGO_ENABLED=0
+    goarch:
+      - amd64
+      - arm64
+    goos:
+      - linux
+    ldflags:
+      - -s -w -X main.version={{ if .IsSnapshot }}{{ .ShortCommit }}{{ else }}{{ .Version }}{{ end }}
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    flags:
+      - -trimpath
+
+  - main: ./cmd/authorization-webhook/main.go
+    id: webhook
+    binary: kubi-webhook
+    env:
+      - CGO_ENABLED=0
+    goarch:
+      - amd64
+      - arm64
+    goos:
+      - linux
+    ldflags:
+      - -s -w -X main.version={{ if .IsSnapshot }}{{ .ShortCommit }}{{ else }}{{ .Version }}{{ end }}
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    flags:
+      - -trimpath
+
+  - main: ./cmd/operator/main.go
+    id: operator
+    binary: kubi-operator
+    env:
+      - CGO_ENABLED=0
+    goarch:
+      - amd64
+      - arm64
+    goos:
+      - linux
+    ldflags:
+      - -s -w -X main.version={{ if .IsSnapshot }}{{ .ShortCommit }}{{ else }}{{ .Version }}{{ end }}
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    flags:
+      - -trimpath
+
+dockers:
+  - id: docker-operator
+    ids:
+      - operator
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--platform=linux/amd64"
+      - "--build-arg=BINARYNAME=operator"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}-operator"
+      - "--label=org.opencontainers.image.source=https://github.com/{{.Env.ORG}}/{{.ProjectName}}"
+      - "--label=org.opencontainers.image.url=https://github.com/{{.Env.ORG}}/{{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+    image_templates:
+    - "ghcr.io/{{.Env.ORG}}/{{.ProjectName}}-operator:{{.ShortCommit}}-amd64"
+
+  - id: docker-api
+    ids:
+      - api
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--platform=linux/amd64"
+      - "--build-arg=BINARYNAME=api"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}-api"
+      - "--label=org.opencontainers.image.source=https://github.com/{{.Env.ORG}}/{{.ProjectName}}"
+      - "--label=org.opencontainers.image.url=https://github.com/{{.Env.ORG}}/{{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+    image_templates:
+    - "ghcr.io/{{.Env.ORG}}/{{.ProjectName}}-api:{{.ShortCommit}}-amd64"
+
+  - id: docker-webhook
+    ids:
+      - webhook
+    use: buildx
+    build_flag_templates:
+      - "--pull"
+      - "--platform=linux/amd64"
+      - "--build-arg=BINARYNAME=webhook"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}-webhook"
+      - "--label=org.opencontainers.image.source=https://github.com/{{.Env.ORG}}/{{.ProjectName}}"
+      - "--label=org.opencontainers.image.url=https://github.com/{{.Env.ORG}}/{{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+    image_templates:
+    - "ghcr.io/{{.Env.ORG}}/{{.ProjectName}}-webhook:{{.ShortCommit}}-amd64"
+
+snapshot:
+  version_template: "{{ .ShortCommit }}"
+
+release:
+  disable: true
+
+changelog:
+  disable: true
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,4 +3,5 @@ vendor @@
     coverage.*
     kubi
     bin
-    build/*
+    hack/bin
+    dist/