Matrices - onedr0p similarities for docker image building (#43)

* start implementing logic for gha matrices Signed-off-by: Christopher Larivière <[email protected]> * update Signed-off-by: Christopher Larivière <[email protected]> * add builder, debug locally with act - use go.mod for go version - update .gitignore Signed-off-by: Christopher Larivière <[email protected]> * add tokens and checkouts for test Signed-off-by: Christopher Larivière <[email protected]> --------- Signed-off-by: Christopher Larivière <[email protected]>
larivierec · Dec 6, 2023 · 50fbfd8 · 50fbfd8
1 parent 7b118cd
commit 50fbfd8
Show file tree

Hide file tree

Showing 16 changed files with 425 additions and 4 deletions.
diff --git a/.github/workflows/builder.yaml b/.github/workflows/builder.yaml
@@ -0,0 +1,131 @@
+---
+name: Build & publish images
+on:
+  push:
+    tags:
+      - qqtesting-v*
+
+jobs:
+  prepare-matrix:
+    runs-on: "ubuntu-latest"
+    outputs:
+      matrices: ${{ steps.prepare-matrices.outputs.matrices }}
+    name: Go - Prepare matrices
+    steps:
+      - name: Generate Token
+        uses: actions/create-github-app-token@46e4a501e119d39574a54e53a06c9a705efc55c9 # v1.6.1
+        id: app-token
+        with:
+          app-id: "${{ secrets.RIVERBOT_APP_ID }}"
+          private-key: "${{ secrets.RIVERBOT_APP_PRIVATE_KEY }}"
+
+      - name: Checkout repository
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
+        with:
+          token: "${{ steps.app-token.outputs.token }}"
+          fetch-depth: 1
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: go.mod
+
+      - name: Get dependencies
+        run: |
+          go mod download
+
+      - name: Matrices
+        id: prepare-matrices
+        shell: bash
+        run: |
+          matrices=$(go run cmd/containers.go "all" "true" "false" "stable")
+          echo "matrices=${matrices}" >> $GITHUB_OUTPUT
+          echo "${matrices}"
+  build-and-push-image:
+    name: Build ${{ matrix.image.name }} (${{ matrix.image.platform }})
+    needs: prepare-matrix
+    runs-on: ubuntu-latest
+    if: ${{ toJSON(fromJSON(needs.prepare-matrix.outputs.matrices).imagePlatforms) != '[]' && toJSON(fromJSON(needs.prepare-matrix.outputs.matrices).imagePlatforms) != '' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        image: ["${{ fromJSON(needs.prepare-matrix.outputs.matrices).imagePlatforms }}"]
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Log Matrix Input
+        shell: bash
+        run: |
+          cat << EOF
+          ${{ toJSON(matrix.image)}}
+          EOF
+      - name: Validate Matrix Input
+        shell: bash
+        run: |
+          if [[ -z "${{ matrix.image.name }}" ]]; then
+              echo "image.name is empty"
+              exit 1
+          fi
+          if [[ -z "${{ matrix.image.version }}" ]]; then
+              echo "image.version is empty"
+              exit 1
+          fi
+          if [[ -z "${{ matrix.image.context }}" ]]; then
+              echo "image.context is empty"
+              exit 1
+          fi
+          if [[ -z "${{ matrix.image.dockerfile }}" ]]; then
+              echo "image.dockerfile is empty"
+              exit 1
+          fi
+          if [[ -z "${{ matrix.image.platform }}" ]]; then
+              echo "image.platform is empty"
+              exit 1
+          fi
+          echo "${{ matrix.image.name }}" | grep -E "[a-zA-Z0-9_\.\-]+" || "Image Name is invalid"
+          echo "${{ matrix.image.version }}" | grep -E "[a-zA-Z0-9_\.\-]+" || "Image Version is invalid"
+
+      - name: Generate Token
+        uses: actions/create-github-app-token@46e4a501e119d39574a54e53a06c9a705efc55c9 # v1.6.1
+        id: app-token
+        with:
+          app-id: "${{ secrets.RIVERBOT_APP_ID }}"
+          private-key: "${{ secrets.RIVERBOT_APP_PRIVATE_KEY }}"
+
+      - name: Checkout repository
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
+        with:
+          token: "${{ steps.app-token.outputs.token }}"
+          fetch-depth: 1
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5
+        with:
+          images: ghcr.io/${{github.repository_owner}}/${{ matrix.image.name }}
+          tags: |
+            type=raw,value=v${{matrix.image.version}}
+
+      - name: Build and Push
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5
+
+        with:
+          build-args: |-
+            VERSION=${{ matrix.image.version }}
+            REVISION=${{ github.sha }}
+            TARGETPLATFORM=${{ matrix.image.platform }}
+          context: ${{ matrix.image.context }}
+          file: ${{ matrix.image.dockerfile }}
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: ${{ matrix.image.platform }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.gitignore b/.gitignore
@@ -2,5 +2,6 @@
 **/terraform.tfstate**
 **/*.tfstate
 **/*.bitwarden
+.actsecret
 ## macos
 .DS_Store
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,18 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+      {
+          "name": "Launch Package",
+          "type": "go",
+          "request": "launch",
+          "program": "cmd/containers.go",
+          "cwd": "${workspaceFolder}",
+          "args": [
+              "all",
+              "true",
+              "false",
+              "stable"
+          ]
+      }
+  ]
+}
diff --git a/apps/bitwarden-cli/Dockerfile b/apps/bitwarden-cli/Dockerfile
@@ -1,9 +1,11 @@
 FROM debian:sid
 
+ARG TARGETPLATFORM
+ARG VERSION
+
 WORKDIR /usr/local/bin
 RUN apt update && apt install -y curl unzip libsecret-1-0 jq
-RUN export VER=$(curl -H "Accept: application/vnd.github+json" https://api.github.com/repos/bitwarden/clients/releases | jq  -r 'sort_by(.published_at) | reverse | .[].name | select( index("CLI") )' | sed 's:.*CLI v::' | head -n 1) && \
-curl -LO "https://github.com/bitwarden/clients/releases/download/cli-v{$VER}/bw-linux-{$VER}.zip" \
+RUN curl -LO "https://github.com/bitwarden/clients/releases/download/cli-v{$VERSION}/bw-linux-{$VERSION}.zip" \
 && unzip *.zip && chmod +x ./bw
 
 RUN rm *.zip

diff --git a/apps/bitwarden-cli/ci/latest.sh b/apps/bitwarden-cli/ci/latest.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+version=$(curl -H "Accept: application/vnd.github+json" https://api.github.com/repos/bitwarden/clients/releases | jq  -r 'sort_by(.published_at) | reverse | .[].name | select( index("CLI") )' | sed 's:.*CLI v::' | head -n 1)
+version="${version#*v}"
+version="${version#*cli-}"
+printf "%s" "${version}"
diff --git a/apps/bitwarden-cli/ci/metadata.yaml b/apps/bitwarden-cli/ci/metadata.yaml
@@ -0,0 +1,5 @@
+app: bitwarden-cli
+channels:
+  - name: stable
+    platforms: ["linux/amd64"]
+    stable: true
diff --git a/apps/bitwarden-cli/entrypoint.sh b/apps/bitwarden-cli/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -e
 

diff --git a/apps/protonmail-bridge-docker/Dockerfile b/apps/protonmail-bridge-docker/Dockerfile
@@ -1,5 +1,8 @@
 FROM golang:1.20 AS build
 
+ARG TARGETPLATFORM
+ARG VERSION
+
 # Install dependencies
 RUN apt-get update && apt-get install -y git build-essential libsecret-1-dev
 

diff --git a/apps/protonmail-bridge-docker/ci/latest.sh b/apps/protonmail-bridge-docker/ci/latest.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+version="$(curl -sX GET "https://api.github.com/repos/ProtonMail/proton-bridge/releases/latest" | jq --raw-output '.tag_name' 2>/dev/null)"
+version="${version#*v}"
+version="${version#*release-}"
+printf "%s" "${version}"
diff --git a/apps/protonmail-bridge-docker/ci/metadata.yaml b/apps/protonmail-bridge-docker/ci/metadata.yaml
@@ -0,0 +1,5 @@
+app: protonmail-bridge-docker
+channels:
+  - name: stable
+    platforms: ["linux/amd64", "linux/arm64"]
+    stable: true
diff --git a/apps/tf-runner-bw/Dockerfile b/apps/tf-runner-bw/Dockerfile
@@ -6,7 +6,8 @@ FROM ghcr.io/weaveworks/tf-runner:v0.16.0-rc.2 as runner
 USER root
 
 # renovate: datasource=npm depName=@bitwarden/cli versioning=npm
-ARG BW_CLI_VERSION=2023.10.0
+ARG TARGETPLATFORM
+ARG VERSION=2023.10.0
 
 RUN apk add --no-cache npm && npm i -g @bitwarden/cli@${BW_CLI_VERSION}
 

diff --git a/apps/tf-runner-bw/ci/latest.sh b/apps/tf-runner-bw/ci/latest.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+version="$(curl -sX GET "https://api.github.com/repos/weaveworks/tf-controller/tags" | jq --raw-output '.[0].name' 2>/dev/null)"
+version="${version#*v}"
+printf "%s" "${version}"
diff --git a/apps/tf-runner-bw/ci/metadata.yaml b/apps/tf-runner-bw/ci/metadata.yaml
@@ -0,0 +1,5 @@
+app: tf-runner-bw
+channels:
+  - name: stable
+    platforms: ["linux/amd64"]
+    stable: true