From 3ad3b758b16adc48befb0fff6c8513867bb97811 Mon Sep 17 00:00:00 2001
From: xeniape
Date: Thu, 17 Oct 2024 09:43:35 +0200
Subject: [PATCH 1/5] add multiarch to cockpit workflow
---
 .github/workflows/pr_cockpit.yml | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pr_cockpit.yml b/.github/workflows/pr_cockpit.yml
index f81ebb68..4cb0c862 100644
--- a/.github/workflows/pr_cockpit.yml
+++ b/.github/workflows/pr_cockpit.yml
@@ -70,10 +70,15 @@ jobs:
 core.setFailed('Committed Helm charts were not up to date, please regenerate and re-commit!')
 publish:
- name: Publish Docker Image
+ name: Publish ${{ matrix.runner.arch }} Image
 permissions:
 id-token: write
- runs-on: ubuntu-latest
+ runs-on: ${{ matrix.runner.name }}
+ strategy:
+ matrix:
+ runner:
+ - {name: "ubuntu-latest", arch: "amd64"}
+ - {name: "ubicloud-standard-8-arm", arch: "arm64"}
 env:
 NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
 OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
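Review bot: The new `ubicloud-standard-8-arm` matrix entry moves the arm64 leg of `publish` onto a third-party hosted runner while the job keeps `id-token: write` and the job-level `env` holding `NEXUS_PASSWORD` and the Harbor robot secrets, so those credentials and the job's OIDC token are now available on that runner too. If that is an accepted trust decision, record it next to the matrix, e.g. `# arm64 leg runs on Ubicloud-hosted runners; they receive this job's registry credentials and OIDC token`. Moving the secrets from job-level `env` to only the steps that push or sign would narrow what each runner sees. The `publish` job continues outside the hunk, so which steps consume these variables is not visible here.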
@@ -128,3 +133,26 @@ jobs:
 if: ${{ !github.event.pull_request.head.repo.fork }}
 name: Output Image Name and Tag
 run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT"
+
+ create_manifest_list:
+ name: Build and publish manifest list
+ needs:
+ - publish
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ env:
+ NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+ OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
+ OCI_REGISTRY_SDP_USERNAME: "robot$sdp+github-action-build"
+ OCI_REGISTRY_SDP_CHARTS_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }}
+ OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build"
+ steps:
+ - name: Install cosign
+ uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+ - name: Build manifest list
+ run: |
+ # Creating manifest list
+ make -e docker-manifest-list-build
+ # Pushing and signing manifest list
+ make -e docker-manifest-list-publish
From fd1f6a2a8eb0b4325dce95bbc97dd7ada2c55b1c Mon Sep 17 00:00:00 2001
From: xeniape
Date: Thu, 17 Oct 2024 15:10:40 +0200
Subject: [PATCH 2/5] replace amd image digest with manifest digest, also linter
---
 docker/Dockerfile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index f92a1b73..c4b4674d 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
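Review bot: The `create_manifest_list` job added in PATCH 1/5 has no fork guard: the context step just above it carries `if: ${{ !github.event.pull_request.head.repo.fork }}`, but the new job runs `make -e docker-manifest-list-publish` unconditionally. If the workflow is triggered by `pull_request`, as the file name suggests, a run for a fork receives no repository secrets, so the job would try to push and sign with empty credentials and fail. Add the same condition at job level, `if: ${{ !github.event.pull_request.head.repo.fork }}`. The job also exports all five credentials; presumably the Nexus and charts credentials are not needed by these two make targets, in which case dropping them from `env` keeps the job to the access it uses.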
@@ -1,13 +1,14 @@
 # Using inlined version of ubi8-rust-builder, ends at ## END OF ubi8-rust-builder
 # Each modification (apart from removing ONBUILD clauses) should be preceded by a ## PATCH comment explaining the change
 #FROM docker.stackable.tech/stackable/ubi8-rust-builder AS builder
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7@sha256:3e1adcc31c6073d010b8043b070bd089d7bf37ee2c397c110211a6273453433f AS builder
+FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:987ae81ce046652ee4a2c3df54dad5e82faa1b078dab5d09f7cfaae11784ed30 AS builder
 LABEL maintainer="Stackable GmbH"
 # https://github.com/hadolint/hadolint/wiki/DL4006
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # Update image and install everything needed for Rustup & Rust
+# hadolint ignore=DL3041
 RUN microdnf update --disablerepo=* --enablerepo=ubi-8-appstream-rpms --enablerepo=ubi-8-baseos-rpms -y \
 && rm -rf /var/cache/yum \
 && microdnf install --disablerepo=* --enablerepo=ubi-8-appstream-rpms --enablerepo=ubi-8-baseos-rpms curl findutils gcc gcc-c++ make cmake openssl-devel pkg-config systemd-devel unzip tar xz clang krb5-libs libkadm5 -y \
@@ -57,8 +58,8 @@ COPY docker/ubi8-rust-builder/copy_artifacts.sh /
 WORKDIR /src
 COPY . /src
-# hadolint ignore=SC1091
 ## PATCH: disabled cyclonedx, run yarn install, build stackable-cockpitd with ui feature enabled
+# hadolint ignore=SC1091
 RUN . "$HOME/.cargo/env" && yarn && cargo build --release --workspace --features stackable-cockpitd/ui
 # ONBUILD RUN . "$HOME/.cargo/env" && cargo auditable build --release --workspace && cargo cyclonedx --output-pattern package --all --output-cdx
@@ -79,6 +80,7 @@ RUN find /src/target/release \
 RUN echo "The following files will be copied to the runtime image: $(ls /app)"
 ## END OF ubi8-rust-builder
+# hadolint ignore=DL3006
 FROM registry.access.redhat.com/ubi8/ubi-minimal AS operator
 ARG VERSION
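Review bot: The builder `FROM` in the first hunk keeps a digest pin but drops the `:8.7` tag, so nothing on the line says which UBI release `sha256:987ae81c…` corresponds to, which makes later digest bumps hard to review. Keep the tag alongside the digest, `ubi-minimal:<tag>@sha256:987ae81c…` (the digest still decides what is pulled), or add a comment line above the `FROM` naming the release and stating that this is the multi-arch manifest-list digest.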
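Review bot: The `# hadolint ignore=DL3006` added in the third hunk silences the warning instead of fixing it: the `operator` stage, which is the image that gets shipped, is still `FROM registry.access.redhat.com/ubi8/ubi-minimal` with no tag or digest, so its base can change between builds while the builder stage is digest-pinned. Pinning it the same way, `FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:987ae81ce046652ee4a2c3df54dad5e82faa1b078dab5d09f7cfaae11784ed30 AS operator`, makes the runtime base reproducible and should serve both architectures if that digest is the manifest list, as the commit subject says. If the floating base is deliberate (to pick up fixes on every build), say so in a comment next to the ignore.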
@@ -93,12 +95,14 @@ LABEL name="Stackable Cockpit" \
 description="Deploy and manage Stackable clusters."
 # Update image
+# hadolint ignore=DL3041
 RUN microdnf install -y yum \
 && yum -y update-minimal --security --sec-severity=Important --sec-severity=Critical \
 && yum clean all \
 && microdnf clean all
 # Install kerberos client libraries
+# hadolint ignore=DL3041
 RUN microdnf install -y krb5-libs libkadm5 && microdnf clean all
 #COPY LICENSE /licenses/LICENSE
From 4a7d6b46e424c26f8ccc0a29173d9c3bdba8b745 Mon Sep 17 00:00:00 2001
From: xeniape
Date: Fri, 18 Oct 2024 09:04:57 +0200
Subject: [PATCH 3/5] add checkout action
---
 .github/workflows/pr_cockpit.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/pr_cockpit.yml b/.github/workflows/pr_cockpit.yml
index 4cb0c862..90a69b35 100644
--- a/.github/workflows/pr_cockpit.yml
+++ b/.github/workflows/pr_cockpit.yml
@@ -150,6 +150,10 @@ jobs:
 steps:
 - name: Install cosign
 uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+ - name: Checkout
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ submodules: recursive
 - name: Build manifest list
 run: |
 # Creating manifest list
From b62a2736c92aefeb85eab819549fe7a832c464ed Mon Sep 17 00:00:00 2001
From: xeniape
Date: Fri, 18 Oct 2024 09:32:02 +0200
Subject: [PATCH 4/5] update cargo version if PR
---
 .github/workflows/pr_cockpit.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/workflows/pr_cockpit.yml b/.github/workflows/pr_cockpit.yml
index 90a69b35..5101650b 100644
--- a/.github/workflows/pr_cockpit.yml
+++ b/.github/workflows/pr_cockpit.yml
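Review bot: The `Checkout` step added in PATCH 3/5 leaves `persist-credentials` at its default, so the workflow token stays in the checked-out repository's git configuration for every later step of `create_manifest_list`, and those steps run Makefile targets in a job that also holds registry credentials. Nothing visible in the job pushes to git, so add `persist-credentials: false` under `with:` next to `submodules: recursive`.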
@@ -154,6 +154,16 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 with:
 submodules: recursive
+ # This step checks if the current run was triggered by a push to a pr (or a pr being created).
+ # If this is the case it changes the version of this project in all Cargo.toml files to include the suffix
+ # "-pr" so that the published artifacts can be linked to this PR.
+ - uses: stackabletech/cargo-install-action@main
+ with:
+ crate: cargo-edit
+ bin: cargo-set-version
+ - name: Update version if PR
+ if: ${{ github.event_name == 'pull_request' }}
+ run: cargo set-version --offline --workspace 0.0.0-pr${{ github.event.pull_request.number }}
 - name: Build manifest list
 run: |
 # Creating manifest list
From 491e616d7abf3e2b55c3ce2d1a9e0712f090be6c Mon Sep 17 00:00:00 2001
From: xeniape
Date: Fri, 18 Oct 2024 10:10:05 +0200
Subject: [PATCH 5/5] only set-version for stackable-cockpit
---
 .github/workflows/pr_cockpit.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr_cockpit.yml b/.github/workflows/pr_cockpit.yml
index 5101650b..26c1d7b1 100644
--- a/.github/workflows/pr_cockpit.yml
+++ b/.github/workflows/pr_cockpit.yml
@@ -163,7 +163,7 @@ jobs:
 bin: cargo-set-version
 - name: Update version if PR
 if: ${{ github.event_name == 'pull_request' }}
- run: cargo set-version --offline --workspace 0.0.0-pr${{ github.event.pull_request.number }}
+ run: cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }}
 - name: Build manifest list
 run: |
 # Creating manifest list
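Review bot: `stackabletech/cargo-install-action@main`, added in PATCH 4/5, is referenced by a mutable branch while the other two actions in this job are pinned to commit SHAs, and it runs in a job that has `id-token: write` and the registry secrets in `env`, so whatever `main` points to at run time executes with that access. Pin it the same way, `uses: stackabletech/cargo-install-action@<full-commit-sha> # <tag>`. The step also has no `name:`, and the three-line comment above it describes the later `Update version if PR` step; move the comment down to that step, give the install step a name such as `name: Install cargo-edit`, and after PATCH 5/5 drop the wording "in all Cargo.toml files" since only `stackable-cockpit` is re-versioned. Unlike the version bump, the install step is not gated on `github.event_name == 'pull_request'`, so it also runs when the tool is never used.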