ci: refactor and add arm64 build #76
slight cleanup in YAML syntax and terminology Signed-off-by: K3rnelPan1c <69395733+k3rnelpan1c-dev@users.noreply.github.com>
848bee7 to 2c83876
Since I just realized that I am not 100% following the Git commit guidelines, let me know and I shall fix them in no time. Sorry for that mishap, not used to capitalized git commits 😅
Dockerfile
Outdated
COPY bin/ /cyclonedx | ||
ENV TZ=Etc/UTC \ | ||
LANG=C.UTF-8 \ | ||
REPO__DIRECTORY=Repo \ |
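Review bot: `REPO__DIRECTORY=Repo` in the `ENV` block is a relative path, so where the repository ends up depends on the process working directory, which these lines do not set. Use an absolute path, and make sure the Dockerfile creates that directory with group 0 ownership and group write permission, since the PR description targets runtimes that start the container with an arbitrary UID and GID 0.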
REPO__DIRECTORY=Repo \ | |
REPO__DIRECTORY=/repo \ |
I would like to propose changing the default REPO_DIRECTORY for the container to an actual path that is also used within the usage sections and makes sense over the 'default' value that would be assumed for REPO__DIRECTORY is just a relative path.
That change makes sense. I'll have to remember to communicate it though as it could be breaking for some folks with this already deployed.
While this sure can have breaking effects, I would guess the default Port change to 8080 would be the more significant breaking change 🤔
Thanks heaps for this PR. I'm on holidays at the moment and working on some stuff for CycloneDX v1.4. So it might take me a little while to review this. But this is a much appreciated contribution.
Hey, first of all thank you for your reply! Enjoy your holidays and a happy new year 🎆
I really like these changes. My only concern is the use of unofficial actions for creating a GitHub release and uploading release assets. I'm absolutely dumbfounded that GitHub is no longer maintaining official actions for these. This is such a great opportunity for a bad actor to compromise the release process of countless OSS projects. Are you able to change those back for now? I'm comfortable with the use of the RedHat actions. @stevespringett and @DarthHater FYI
I too can not comprehend why GitHub decided to deprecate these two actions, hence why I searched and went with alternatives.
4ce5919 to 7e76d02
Description
This PR aims to provide arm64 builds in the form of pre-compiled binary archives as well as a published container image as part of a container manifest. Alongside that the Container image was altered to allow the direct deployment to a restrictive container runtime (i.e. OpenShift, which starts pods by default with an arbitrary UID and GID 0).
Finally, this PR migrates the use of some ("currently") unmaintained and archived GitHub Actions to maintained alternatives.
In case there are any questions and or necessary changes then please let me know so I can answer or fix them as soon as I can.
Motivation
During the last week (log4shell hell) I stumbled over the dependency-track project and implicitly found this project too. I wanted to help out and contribute in the area I am most active in (i.e. CI and Container) and took on the task of not only adding an arm64 build, refactoring and cleaning up the CI and enabling the App container image to be run in a restrictive environment.
Changes
Issues
Test run:
All tests were conducted on my fork's ci/refactor-test branch since I needed to redirect the outputted images to a registry I could push to, yet that branch is just one commit ahead of this branch to do exactly this redirect. (*before I realized I forgot to sign the commits and to spot a missed out repo designation, yet the logic is still the same where it counts)
WARNING I am not 100% sure the arm64 container image works as I went off the assumption that dotnet publish is smart enough to detect the proper CPU arch within the multi stage build, which the Microsoft documentation led me to believe should be the case.