From 09d35a80f433441eaee3571c81d152634c0cbdcf Mon Sep 17 00:00:00 2001 From: Raffael Sahli Date: Mon, 17 Apr 2023 08:42:17 +0000 Subject: [PATCH 1/6] ci: update workflows --- .github/workflows/main.yaml | 30 ++++++++++++++++++++ .github/workflows/pr-build.yaml | 10 ++----- .github/workflows/pr-chart.yaml | 2 +- .github/workflows/release-chart.yaml | 2 +- .github/workflows/scan.yaml | 41 ++++++++++++++++++++++++++++ CONTRIBUTING.md | 14 +++------- Dockerfile | 19 ++----------- Dockerfile.release | 11 -------- Makefile | 2 +- 9 files changed, 83 insertions(+), 48 deletions(-) create mode 100644 .github/workflows/main.yaml create mode 100644 .github/workflows/scan.yaml delete mode 100644 Dockerfile.release
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
new file mode 100644
index 0000000..58a168a
--- /dev/null
+++ b/.github/workflows/main.yaml
@@ -0,0 +1,30 @@
+name: main
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3
+ - name: Setup Go
+ uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
+ with:
+ go-version: 1.20.x
+ - name: Restore Go cache
+ uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+ with:
+ path: ~/go/pkg/mod
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ runner.os }}-go-
+ - name: Tests
+ run: make test
+ - name: Send go coverage report
+ uses: shogo82148/actions-goveralls@31ee804b8576ae49f6dc3caa22591bc5080e7920 #v1.6.0
+ with:
+ path-to-profile: coverage.out
diff --git a/.github/workflows/pr-build.yaml b/.github/workflows/pr-build.yaml
index 202b266..c41dbb0 100644
--- a/.github/workflows/pr-build.yaml
+++ b/.github/workflows/pr-build.yaml
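Review bot: The new main.yaml workflow has no `permissions:` block, so its job runs with whatever default GITHUB_TOKEN scope the repository or organisation has configured, while scan.yaml in the same patch restricts the token explicitly. The visible steps only check out code, run `make test` and pass the coverage profile to a third-party action, so a top-level `permissions:` with `contents: read` placed after the `on:` block is probably sufficient; confirm that the coverage step needs nothing more. The checkout action is also pinned to a different commit here than in scan.yaml although both carry the `# v3` comment; one shared pin would make updates easier to audit.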
@@ -47,17 +47,13 @@ jobs: fi - name: Build container image run: | - make docker-build IMG=test/k8soauth2-proxy-controller:latest BUILD_PLATFORMS=linux/amd64 \ - BUILD_ARGS="--cache-from=type=local,src=/tmp/.buildx-cache \ - --cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max" + make docker-build - name: Setup Kubernetes uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 - with: - version: v0.17.0 - name: Load test image - run: kind load docker-image test/k8soauth2-proxy-controller:latest + run: kind load docker-image k8soauth2-proxy-controller:latest - name: Deploy controller - run: make deploy IMG=test/k8soauth2-proxy-controller:latest + run: make deploy - name: Debug failure if: failure() run: | diff --git a/.github/workflows/pr-chart.yaml b/.github/workflows/pr-chart.yaml index 345ea44..ae527ca 100644 --- a/.github/workflows/pr-chart.yaml +++ b/.github/workflows/pr-chart.yaml @@ -1,4 +1,4 @@ -name: Lint and Test Charts +name: pr-chart on: pull_request diff --git a/.github/workflows/release-chart.yaml b/.github/workflows/release-chart.yaml index fcdda0b..c234a87 100644 --- a/.github/workflows/release-chart.yaml +++ b/.github/workflows/release-chart.yaml @@ -1,4 +1,4 @@ -name: Release Chart +name: release-chart on: push: diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml new file mode 100644 index 0000000..afa55ab --- /dev/null +++ b/.github/workflows/scan.yaml 
@@ -0,0 +1,41 @@
+name: scan
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+ schedule:
+ - cron: '18 10 * * 3'
+
+permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for codeQL to write security events
+
+jobs:
+ fossa:
+ name: FOSSA
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+ - name: Run FOSSA scan and upload build data
+ uses: fossa-contrib/fossa-action@6728dc6fe9a068c648d080c33829ffbe56565023 # v2.0.0
+ with:
+ # FOSSA Push-Only API Token
+ fossa-api-key: 956b9b92c5b16eeca1467cebe104f2c3
+ github-token: ${{ github.token }}
+
+ codeql:
+ name: CodeQL
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@dc046388f30eacf938aadd32064285f437bd9c04 #codeql-bundle-20221020
+ with:
+ languages: go
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@dc046388f30eacf938aadd32064285f437bd9c04 #codeql-bundle-20221020
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@dc046388f30eacf938aadd32064285f437bd9c04 #codeql-bundle-20221020
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 6a10d64..eb42570 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
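Review bot: The FOSSA step in scan.yaml commits the value of `fossa-api-key` as a literal, so it is readable by anyone who can read the repository and stays in git history even if the line is later changed. The comment above it says the token is push-only, which limits what a holder can do, but it still allows uploading build data for this project. If that is an accepted trade-off so that pull requests from forks can run the scan, state it in the comment; otherwise read the key from a repository secret, e.g. `fossa-api-key: ${{ secrets.FOSSA_API_KEY }}` (secret name to be chosen), and rotate the committed value. Separately, the top-level `permissions:` grants `security-events: write` to both jobs although the comment ties it to CodeQL; moving that grant under the `codeql:` job would leave the `fossa` job with `contents: read` only.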
@@ -2,17 +2,11 @@ ### Controller release 1. Merge all pr's to master which need to be part of the new release -2. Create pr to master with these changes: - 1. Bump kustomization - 2. Create CHANGELOG.md entry with release and date -3. Merge pr -4. Push a tag following semantic versioning prefixed by 'v'. Do not create a github release, this is done automatically. -5. Create new branch and add the following changes: +2. Create pr to master and bump the kustomization base +3. Push a tag following semantic versioning prefixed by 'v'. Do not create a github release, this is done automatically. +4. Create a new pr and add the following changes: 1. Bump chart version 2. Bump charts app version -6. Create pr to master and merge ### Helm chart change only -1. Create branch with changes -2. Bump chart version -3. Create pr to master and merge +1. Bump the helm chart version in the pr \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 4fadac8..d109a83 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,22 +1,7 @@ -# Build the manager binary -FROM golang:1.20 as builder - -WORKDIR /workspace -COPY . . - -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer -RUN go mod download - -# Build -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go - -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details FROM gcr.io/distroless/static:nonroot WORKDIR / -COPY --from=builder /workspace/manager . -USER nonroot:nonroot +COPY manager manager +USER 65532:65532 # User env is required by opentelemetry-go ENV USER=k8soauth2-proxy-controller diff --git a/Dockerfile.release b/Dockerfile.release deleted file mode 100644 index b07ce7c..0000000 --- a/Dockerfile.release +++ /dev/null 
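Review bot: The Dockerfile hunk keeps `FROM gcr.io/distroless/static:nonroot` as a floating tag, so the base layer can change between builds without any change in this repository, whereas the workflows in the same patch pin every action to a commit. Pinning the base by digest, `FROM gcr.io/distroless/static:nonroot@sha256:<digest>`, would give the image the same reproducibility. With the builder stage removed, `COPY manager manager` takes whatever file named `manager` is in the build context, so the image content now depends on how and where that binary was produced. A comment above the COPY stating that it must be a statically linked linux binary from `make build` or goreleaser would record that requirement. The ENTRYPOINT line lies below the hunk's last context line and is not shown.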
@@ -1,11 +0,0 @@ -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot -WORKDIR / -COPY manager manager -USER 65532:65532 - -# User env is required by opentelemetry-go -ENV USER=k8soauth2-proxy-controller - -ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile index 1259dfd..fd000fc 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # Image URL to use all building/pushing image targets -IMG ?= controller:latest +IMG ?= k8soauth2-proxy-controller:latest # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.23 From c118dd80de002fb8fa5026b37f04e967e94fbbdd Mon Sep 17 00:00:00 2001 From: Raffael Sahli Date: Mon, 17 Apr 2023 08:45:31 +0000 Subject: [PATCH 2/6] ci: docker-build depends on build --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index fd000fc..cd3682c 100644 --- a/Makefile +++ b/Makefile @@ -88,7 +88,7 @@ api-docs: gen-crd-api-reference-docs $(GEN_CRD_API_REFERENCE_DOCS) -api-dir=./api/v1beta1 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/api/v1beta1.md .PHONY: docker-build -docker-build: +docker-build: build docker build -t ${IMG} . .PHONY: docker-push From de63d09c8202fbcf42f04943883315307b2e9bd8 Mon Sep 17 00:00:00 2001 From: Raffael Sahli Date: Mon, 17 Apr 2023 08:55:24 +0000 Subject: [PATCH 3/6] ci: build target --- .gitignore | 1 + Makefile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 6f1ab2a..bc7fa63 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ *.so *.dylib bin +manager # Test binary, build with `go test -c` *.test diff --git a/Makefile b/Makefile index cd3682c..00ae9d3 100644 --- a/Makefile +++ b/Makefile 
@@ -71,7 +71,7 @@ test: manifests generate fmt vet tidy envtest ## Run tests. .PHONY: build build: generate fmt vet tidy ## Build manager binary. - go build -o bin/manager main.go + go build -o manager main.go .PHONY: run run: manifests generate fmt vet tidy ## Run a controller from your host. From 26d58c6bf003b45e16a5add709898b0e02d85281 Mon Sep 17 00:00:00 2001 From: Raffael Sahli Date: Mon, 17 Apr 2023 09:02:13 +0000 Subject: [PATCH 4/6] ci: remove old dockerfile from goreleaser --- .goreleaser.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 916526b..2a6d100 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -33,7 +33,7 @@ sboms: dockers: - image_templates: - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-amd64 - dockerfile: Dockerfile.release + dockerfile: Dockerfile use: buildx ids: - manager @@ -50,7 +50,7 @@ dockers: - image_templates: - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-arm64v8 goarch: arm64 - dockerfile: Dockerfile.release + dockerfile: Dockerfile use: buildx ids: - manager From 101dc57b437fb5729ddb37c7ee72219c56ed7b66 Mon Sep 17 00:00:00 2001 From: Raffael Sahli Date: Mon, 17 Apr 2023 09:12:17 +0000 Subject: [PATCH 5/6] ci: update kind version --- .github/workflows/pr-build.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pr-build.yaml b/.github/workflows/pr-build.yaml index c41dbb0..0d0a741 100644 --- a/.github/workflows/pr-build.yaml +++ b/.github/workflows/pr-build.yaml @@ -50,6 +50,8 @@ jobs: make docker-build - name: Setup Kubernetes uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 + with: + version: v0.17.0 - name: Load test image run: kind load docker-image k8soauth2-proxy-controller:latest - name: Deploy controller From cccee65e52525f87d9d81559fa4f11a3f6f015fd Mon Sep 17 00:00:00 2001 
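Review bot: The `build` recipe changed in patch 3/6 (`go build -o manager main.go`) does not set the target OS, although the Dockerfile line removed in patch 1/6 built with `GOOS=linux GOARCH=amd64` and the resulting `manager` file is now copied straight into the linux distroless image. On a non-Linux host (for example macOS), `make docker-build` would therefore package a binary built for the host OS. Patch 6/6 adds `CGO_ENABLED=0` to the same line but leaves this open. Consider `CGO_ENABLED=0 GOOS=linux go build -o manager main.go`, or a separate target for the image binary if `build` is also meant for local runs.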
From: Raffael Sahli Date: Tue, 18 Apr 2023 06:58:47 +0000 Subject: [PATCH 6/6] ci: disable cgo --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 00ae9d3..6bb439c 100644 --- a/Makefile +++ b/Makefile @@ -71,7 +71,7 @@ test: manifests generate fmt vet tidy envtest ## Run tests. .PHONY: build build: generate fmt vet tidy ## Build manager binary. - go build -o manager main.go + CGO_ENABLED=0 go build -o manager main.go .PHONY: run run: manifests generate fmt vet tidy ## Run a controller from your host.