Skip to content

Commit

Permalink
simplify and optimize release process
Browse files Browse the repository at this point in the history
This commit simplifies and optimizes the release process:
 - No longer build binaries for:
   - linux/s390x (not used)
   - linux/ppc64le (not used)
   - darwin/amd64 (apple has moved to arm64)
 - No longer build containers for:
   - linux/s390x (not used)
   - linux/ppc64le (not used)
 - Upgrade release container image to ubi-9
 - Simplify dev container build

If users really want linux/s390x or linux/ppc64le
we can add these targets again. However, orgs running
such infra most probably run their own registry and the
users can still build images for these os/arch from the
docker file using `docker build -f Dockerfile .`

Signed-off-by: Andreas Auernhammer <[email protected]>
  • Loading branch information
aead committed Oct 25, 2023
1 parent b2443e0 commit d187f05
Show file tree
Hide file tree
Showing 7 changed files with 127 additions and 186 deletions.
39 changes: 0 additions & 39 deletions .github/workflows/codeql.yml

This file was deleted.

66 changes: 5 additions & 61 deletions .goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,11 @@ builds:
goarch:
- amd64
- arm64
- ppc64le
- s390x
ignore:
- goos: windows
goarch: arm64
- goos: darwin
goarch: amd64
env:
- CGO_ENABLED=0
flags:
Expand Down Expand Up @@ -71,79 +71,29 @@ dockers:
- image_templates:
- minio/kes:{{ replace .CommitDate ":" "-" }}-amd64
use: buildx
dockerfile: Dockerfile.release
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- '--platform=linux/amd64'
- '--build-arg=TAG={{ replace .CommitDate ":" "-" }}'
- image_templates:
- minio/kes:{{ replace .CommitDate ":" "-" }}-ppc64le
use: buildx
dockerfile: Dockerfile.release
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- '--platform=linux/ppc64le'
- '--build-arg=TAG={{ replace .CommitDate ":" "-" }}'
- image_templates:
- minio/kes:{{ replace .CommitDate ":" "-" }}-s390x
use: buildx
dockerfile: Dockerfile.release
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- '--platform=linux/s390x'
- '--build-arg=TAG={{ replace .CommitDate ":" "-" }}'
- image_templates:
- minio/kes:{{ replace .CommitDate ":" "-" }}-arm64
use: buildx
goarch: arm64
dockerfile: Dockerfile.release
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- '--platform=linux/arm64'
- '--build-arg=TAG={{ replace .CommitDate ":" "-" }}'
- image_templates:
- quay.io/minio/kes:{{ replace .CommitDate ":" "-" }}-amd64
use: buildx
dockerfile: Dockerfile.release
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- '--platform=linux/amd64'
- '--build-arg=TAG={{ replace .CommitDate ":" "-" }}'
- image_templates:
- quay.io/minio/kes:{{ replace .CommitDate ":" "-" }}-ppc64le
use: buildx
dockerfile: Dockerfile.release
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- '--platform=linux/ppc64le'
- '--build-arg=TAG={{ replace .CommitDate ":" "-" }}'
- image_templates:
- quay.io/minio/kes:{{ replace .CommitDate ":" "-" }}-s390x
use: buildx
dockerfile: Dockerfile.release
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- '--platform=linux/s390x'
- '--build-arg=TAG={{ replace .CommitDate ":" "-" }}'
- image_templates:
- quay.io/minio/kes:{{ replace .CommitDate ":" "-" }}-arm64
use: buildx
goarch: arm64
dockerfile: Dockerfile.release
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
Expand All @@ -155,17 +105,11 @@ docker_manifests:
image_templates:
- minio/kes:{{ replace .CommitDate ":" "-" }}-amd64
- minio/kes:{{ replace .CommitDate ":" "-" }}-arm64
- minio/kes:{{ replace .CommitDate ":" "-" }}-ppc64le
- minio/kes:{{ replace .CommitDate ":" "-" }}-s390x
- name_template: quay.io/minio/kes:{{ replace .CommitDate ":" "-" }}
image_templates:
- quay.io/minio/kes:{{ replace .CommitDate ":" "-" }}-amd64
- quay.io/minio/kes:{{ replace .CommitDate ":" "-" }}-arm64
- quay.io/minio/kes:{{ replace .CommitDate ":" "-" }}-ppc64le
- quay.io/minio/kes:{{ replace .CommitDate ":" "-" }}-s390x
- name_template: minio/kes:latest
image_templates:
- minio/kes:{{ replace .CommitDate ":" "-" }}-amd64
- minio/kes:{{ replace .CommitDate ":" "-" }}-arm64
- minio/kes:{{ replace .CommitDate ":" "-" }}-ppc64le
- minio/kes:{{ replace .CommitDate ":" "-" }}-s390x
31 changes: 17 additions & 14 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,23 +1,26 @@
FROM golang:1.21-alpine as build
FROM --platform=linux/amd64 registry.access.redhat.com/ubi8/ubi-minimal:9.2 as build

LABEL maintainer="MinIO Inc <[email protected]>"
RUN microdnf update --nodocs && microdnf install ca-certificates --nodocs

ENV GOPATH /go
ENV CGO_ENABLED 0
ENV GO111MODULE on
FROM registry.access.redhat.com/ubi8/ubi-micro:9.2

RUN \
apk add --no-cache git && \
git clone https://github.com/minio/kes && cd kes && \
GOPROXY=$(go env GOPROXY) go install -v -ldflags "-s -w" ./cmd/kes
ARG TAG

FROM alpine:latest as alpine
RUN apk add -U --no-cache ca-certificates
LABEL name="MinIO" \
vendor="MinIO Inc <[email protected]>" \
maintainer="MinIO Inc <[email protected]>" \
version="${TAG}" \
release="${TAG}" \
summary="KES is a cloud-native distributed key management and encryption server designed to build zero-trust infrastructures at scale."

FROM scratch
# On RHEL the certificate bundle is located at:
# - /etc/pki/tls/certs/ca-bundle.crt (RHEL 6)
# - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (RHEL 7)
COPY --from=build /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/

COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /go/bin/kes /kes
COPY LICENSE /LICENSE
COPY CREDITS /CREDITS
COPY kes /kes

EXPOSE 7373

Expand Down
21 changes: 21 additions & 0 deletions Dockerfile.dev
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
FROM golang:1.21-alpine as build

LABEL maintainer="MinIO Inc <[email protected]>"

ENV GOPATH /go
ENV CGO_ENABLED 0

RUN \
apk add -U --no-cache ca-certificates && \
apk add --no-cache git && \
git clone https://github.com/minio/kes && cd kes && \
go install -v -trimpath -buildvcs=true -ldflags "-s -w" ./cmd/kes

FROM scratch

COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /go/bin/kes /kes

EXPOSE 7373

ENTRYPOINT ["/kes"]
29 changes: 0 additions & 29 deletions Dockerfile.release

This file was deleted.

31 changes: 17 additions & 14 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,13 @@ go 1.20
require (
aead.dev/mem v0.2.0
aead.dev/minisign v0.2.0
cloud.google.com/go/secretmanager v1.9.0
cloud.google.com/go/secretmanager v1.11.2
github.com/Azure/go-autorest/autorest v0.11.17
github.com/Azure/go-autorest/autorest/azure/auth v0.5.7
github.com/aws/aws-sdk-go v1.44.324
github.com/charmbracelet/lipgloss v0.7.1
github.com/aws/aws-sdk-go v1.46.3
github.com/charmbracelet/lipgloss v0.9.1
github.com/fatih/color v1.13.0
github.com/hashicorp/vault/api v1.9.2
github.com/hashicorp/vault/api v1.10.0
github.com/minio/kes-go v0.2.0
github.com/minio/selfupdate v0.4.0
github.com/muesli/termenv v0.15.2
Expand All @@ -22,15 +22,15 @@ require (
golang.org/x/crypto v0.14.0
golang.org/x/sys v0.13.0
golang.org/x/term v0.13.0
google.golang.org/api v0.103.0
google.golang.org/grpc v1.53.0
google.golang.org/api v0.128.0
google.golang.org/grpc v1.56.1
gopkg.in/yaml.v3 v3.0.1
)

require (
cloud.google.com/go/compute v1.15.1 // indirect
cloud.google.com/go/compute v1.19.3 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v0.8.0 // indirect
cloud.google.com/go/iam v1.1.0 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.11 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 // indirect
Expand All @@ -44,11 +44,12 @@ require (
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/form3tech-oss/jwt-go v3.2.2+incompatible // indirect
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
github.com/googleapis/gax-go/v2 v2.7.0 // indirect
github.com/google/s2a-go v0.1.4 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
Expand All @@ -63,7 +64,7 @@ require (
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/mattn/go-colorable v0.1.9 // indirect
github.com/mattn/go-isatty v0.0.18 // indirect
github.com/mattn/go-runewidth v0.0.14 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
Expand All @@ -79,6 +80,8 @@ require (
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
google.golang.org/protobuf v1.30.0 // indirect
google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/protobuf v1.31.0 // indirect
)
Loading

0 comments on commit d187f05

Please sign in to comment.