diff --git a/.github/workflows/pr_cockpit.yml b/.github/workflows/pr_cockpit.yml index f81ebb68..26c1d7b1 100644 --- a/.github/workflows/pr_cockpit.yml +++ b/.github/workflows/pr_cockpit.yml @@ -70,10 +70,15 @@ jobs: core.setFailed('Committed Helm charts were not up to date, please regenerate and re-commit!') publish: - name: Publish Docker Image + name: Publish ${{ matrix.runner.arch }} Image permissions: id-token: write - runs-on: ubuntu-latest + runs-on: ${{ matrix.runner.name }} + strategy: + matrix: + runner: + - {name: "ubuntu-latest", arch: "amd64"} + - {name: "ubicloud-standard-8-arm", arch: "arm64"} env: NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }} 
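Review bot: The `ubicloud-standard-8-arm` entry added to the `publish` matrix moves a job that holds `id-token: write` and the job-level `NEXUS_PASSWORD` / `OCI_REGISTRY_SDP_PASSWORD` secrets onto a runner operated by a third party, and nothing in the workflow records that trust decision. A comment above the matrix, such as `# arm64 leg runs on Ubicloud-hosted runners; registry secrets and the OIDC token are exposed there`, would make it reviewable. Moving the secrets from the job-level `env:` to the steps that log in or push would narrow what every other step on that runner can read. The rest of the `publish` job lies outside this hunk, so which steps consume the secrets cannot be confirmed from here.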
@@ -128,3 +133,40 @@ jobs:
 if: ${{ !github.event.pull_request.head.repo.fork }}
 name: Output Image Name and Tag
 run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT"
+
+ create_manifest_list:
+ name: Build and publish manifest list
+ needs:
+ - publish
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ env:
+ NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+ OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
+ OCI_REGISTRY_SDP_USERNAME: "robot$sdp+github-action-build"
+ OCI_REGISTRY_SDP_CHARTS_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }}
+ OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build"
+ steps:
+ - name: Install cosign
+ uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+ - name: Checkout
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ submodules: recursive
+ # This step checks if the current run was triggered by a push to a pr (or a pr being created).
+ # If this is the case it changes the version of this project in all Cargo.toml files to include the suffix
+ # "-pr" so that the published artifacts can be linked to this PR.
+ - uses: stackabletech/cargo-install-action@main
+ with:
+ crate: cargo-edit
+ bin: cargo-set-version
+ - name: Update version if PR
+ if: ${{ github.event_name == 'pull_request' }}
+ run: cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }}
+ - name: Build manifest list
+ run: |
+ # Creating manifest list
+ make -e docker-manifest-list-build
+ # Pushing and signing manifest list
+ make -e docker-manifest-list-publish
diff --git a/docker/Dockerfile b/docker/Dockerfile
index f92a1b73..c4b4674d 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
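Review bot: `stackabletech/cargo-install-action@main` in `create_manifest_list` is the only action in the new job referenced by a mutable branch, while `cosign-installer` and `checkout` are pinned to commit SHAs. The job carries `id-token: write` and the registry passwords in job-level `env:`, so whatever `main` points to at run time executes with those. Pin it the same way, `uses: stackabletech/cargo-install-action@<full-commit-sha> # <tag>` (placeholder; take the SHA from the action's repository). The new steps also lack the `if: ${{ !github.event.pull_request.head.repo.fork }}` guard visible on the `publish` step just above; on a fork PR the secrets are presumably empty, so the manifest publish would fail rather than skip.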
@@ -1,13 +1,14 @@ # Using inlined version of ubi8-rust-builder, ends at ## END OF ubi8-rust-builder # Each modification (apart from removing ONBUILD clauses) should be preceded by a ## PATCH comment explaining the change #FROM docker.stackable.tech/stackable/ubi8-rust-builder AS builder -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7@sha256:3e1adcc31c6073d010b8043b070bd089d7bf37ee2c397c110211a6273453433f AS builder +FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:987ae81ce046652ee4a2c3df54dad5e82faa1b078dab5d09f7cfaae11784ed30 AS builder LABEL maintainer="Stackable GmbH" # https://github.com/hadolint/hadolint/wiki/DL4006 SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Update image and install everything needed for Rustup & Rust +# hadolint ignore=DL3041 RUN microdnf update --disablerepo=* --enablerepo=ubi-8-appstream-rpms --enablerepo=ubi-8-baseos-rpms -y \ && rm -rf /var/cache/yum \ && microdnf install --disablerepo=* --enablerepo=ubi-8-appstream-rpms --enablerepo=ubi-8-baseos-rpms curl findutils gcc gcc-c++ make cmake openssl-devel pkg-config systemd-devel unzip tar xz clang krb5-libs libkadm5 -y \ @@ -57,8 +58,8 @@ COPY docker/ubi8-rust-builder/copy_artifacts.sh / WORKDIR /src COPY . /src -# hadolint ignore=SC1091 ## PATCH: disabled cyclonedx, run yarn install, build stackable-cockpitd with ui feature enabled +# hadolint ignore=SC1091 RUN . "$HOME/.cargo/env" && yarn && cargo build --release --workspace --features stackable-cockpitd/ui # ONBUILD RUN . "$HOME/.cargo/env" && cargo auditable build --release --workspace && cargo cyclonedx --output-pattern package --all --output-cdx @@ -79,6 +80,7 @@ RUN find /src/target/release \ RUN echo "The following files will be copied to the runtime image: $(ls /app)" ## END OF ubi8-rust-builder +# hadolint ignore=DL3006 FROM registry.access.redhat.com/ubi8/ubi-minimal AS operator ARG VERSION 
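Review bot: In the `@@ -1,13 +1,14 @@` hunk the builder `FROM` now carries only a digest with the `8.7` tag dropped, so the line no longer says which UBI release is pinned. Because this commit starts building on an arm64 runner, it also matters whether the new digest names the multi-arch image index or a single-architecture manifest; the diff alone does not show which. A comment above the line, `# ubi-minimal <release tag>; digest of the multi-arch image index (amd64 + arm64)`, with the placeholder filled from the registry, would record both facts and give the next digest bump something to check against.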
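Review bot: In the `@@ -79,6 +80,7 @@` hunk, `# hadolint ignore=DL3006` silences the untagged-image warning on `FROM registry.access.redhat.com/ubi8/ubi-minimal AS operator` instead of fixing it. The runtime image that actually ships therefore floats on whatever the default tag resolves to at build time, while the builder stage in the same file is digest-pinned. With two matrix legs building independently, the amd64 and arm64 images can also end up on different base layers if the tag moves between runs. Pinning this stage like the builder, `FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:<index-digest> AS operator`, removes the need for the suppression; the placeholder stands for the digest of the multi-arch index.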
@@ -93,12 +95,14 @@ LABEL name="Stackable Cockpit" \ description="Deploy and manage Stackable clusters." # Update image +# hadolint ignore=DL3041 RUN microdnf install -y yum \ && yum -y update-minimal --security --sec-severity=Important --sec-severity=Critical \ && yum clean all \ && microdnf clean all # Install kerberos client libraries +# hadolint ignore=DL3041 RUN microdnf install -y krb5-libs libkadm5 && microdnf clean all #COPY LICENSE /licenses/LICENSE