bwolf · bwolf · Oct 21, 2021 · Feb 7, 2021 · Feb 7, 2021 · Feb 7, 2021
diff --git a/.dockerignore b/.dockerignore
@@ -1,14 +1,21 @@
 .git
 .gitignore
 .idea
-LICENSE
+.dockerignore
+.github
 Makefile
 README.*
-__main__
+LICENSE
+CHANGELOG.*
+_test
 _out
 apiserver.local.config
 cert-manager-webhook-gandi
 deploy
 main_test.go
 scripts
 testdata
+examples
+*.yaml
+Dockerfile
+charts
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,16 +1,172 @@
-name: Container-image
-on: [push]
+name: CI
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+      - '!v0.1.*'
+
 jobs:
+  base:
+    runs-on: ubuntu-latest
+
+    outputs:
+      go_version: ${{ steps.get_versions.outputs.go_version }}
+      build_version: ${{ steps.get_versions.outputs.build_version }}
+      chart_version: ${{ steps.get_versions.outputs.chart_version }}
+      go_updated: ${{ steps.file_updates.outputs.go }}
+      yaml_updated: ${{ steps.file_updates.outputs.yaml }}
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Get versions
+        id: get_versions
+        run: |
+          echo ::set-output name=go_version::$(go mod edit -json | grep -Po '"Go":\s+"([0-9.]+)"' | sed -E 's/.+"([0-9.]+)"/\1/')
+          echo ::set-output name=build_version::${GITHUB_REF#refs/tags/v}
+          echo ::set-output name=chart_version::${GITHUB_REF#refs/tags/}
+
+      - name: Get last release
+        id: last_release
+        shell: bash
+        run: |
+          tag=$(gh release list | sed -n '1 p' | awk '{print $(NF -1);}')
+          sha=$(git show-ref --tags | grep $tag | awk '{print $1;}')
+          echo ::set-output name=sha::$sha
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check updated files
+        id: file_updates
+        uses: dorny/paths-filter@v2
+        with:
+          base: ${{ steps.last_release.outputs.sha }}
+          filters: |
+            go:
+              - '*.go'
+              - 'go.*'
+            yaml:
+              - 'deploy/cert-manager-webhook-gandi/*.yaml'
+              - 'deploy/cert-manager-webhook-gandi/templates/*.yaml'
+
   build:
-    name: Build docker image
+    needs: base
+    if: ${{ needs.base.outputs.go_updated == 'true' }}
+
+    runs-on: ubuntu-latest
+
+    outputs:
+      tag_commit: ${{ steps.update_image.outputs.commit }}
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Set up Docker buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: ./
+          file: ./Dockerfile
+          platforms: linux/amd64
+          target: image
+          push: true
+          build-args: GO_VERSION=${{ needs.base.outputs.go_version }}
+          tags: bwolf/cert-manager-webhook-gandi:latest,bwolf/cert-manager-webhook-gandi:${{ needs.base.outputs.build_version }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      # Temp fix
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+      - name: Update Helm image tag
+        id: update_image
+        uses: fjogeleit/yaml-update-action@master
+        with:
+          valueFile: 'deploy/cert-manager-webhook-gandi/values.yaml'
+          propertyPath: 'image.tag'
+          value: ${{ needs.base.outputs.build_version }}
+          message: 'Update image tag to ${{ needs.base.outputs.build_version }}'
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  release:
+    needs:
+      - base
+      - build
+
+    if: |
+      always() && needs.base.result == 'success' &&
+      ((needs.build.result == 'success' && needs.build.outputs.tag_commit != '' ) || (needs.build.result == 'skipped' && needs.base.outputs.yaml_updated == 'true'))
+
     runs-on: ubuntu-latest
+
     steps:
-    - uses: actions/checkout@v1
-    - name: Build and Publish to Registry
-      uses: elgohr/Publish-Docker-Github-Action@master
-      with:
-        name: bwolf/cert-manager-webhook-gandi
-        username: '${{ secrets.DOCKER_USERNAME }}'
-        password: '${{ secrets.DOCKER_PASSWORD }}'
-        buildoptions: "--compress --force-rm"
-        tag_names: true
+      - name: Retrieve commit ref
+        id: commit_ref
+        run: |
+          if [[ '${{ needs.build.outputs.tag_commit }}' = '' ]]; then
+            sha=${{ github.sha }}
+          else
+            sha=${{ needs.build.outputs.tag_commit }}
+          fi
+
+          echo ::set-output name=sha::$sha
+
+      - name: Check out repo
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          ref: ${{ steps.commit_ref.outputs.sha }}
+
+      - name: Configure Git
+        run: |
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+
+      - name: Update Helm chart version
+        uses: fjogeleit/yaml-update-action@master
+        with:
+          valueFile: 'deploy/cert-manager-webhook-gandi/Chart.yaml'
+          propertyPath: 'version'
+          value: ${{ needs.base.outputs.chart_version }}
+          message: 'Update chart version to ${{ needs.base.outputs.chart_version }}'
+          token: ${{ secrets.GITHUB_TOKEN }}
+          updateFile: true
+
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.0
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.2.1
+        with:
+          charts_dir: deploy
+        env:
+          CR_RELEASE_NAME_TEMPLATE: '{{ .Version }}'
+          CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
@@ -7,7 +7,7 @@
 
 # Test binary, build with `go test -c`
 *.test
-/__main__/
+/_test/
 /apiserver.local.config/
 /_out/
 
@@ -16,3 +16,9 @@
 
 # Ignore the built binary
 cert-manager-webhook-gandi
+
+# Ignore the Helm chart
+/charts/
+
+# JetBrains
+.idea
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,7 @@
+# CHANGELOG
+| Date | Version | Description |
+| ------ | ------ | ------ |
+| 2021-10-11 | v0.2.0 | add chart-releaser GitHub action |
+| 2021-10-06 | v0.2.0 | update cert-manager to 1.5.4<br>update k8s API version to 0.22.2<br>migrate to new LiveDNS API (https://api.gandi.net)<br>add Helm repo with GitHub pages<br>simplify Dockerfile & switch to Buildx<br>update make test target (remove shell script)<br>update README.md with changes made<br>update GitHub workflow with Buildx<br>add k8s APF support (k8s >= 1.20) |
+| 2020-02-26 | v0.1.1 | switch to Docker Hub |
+| 2020-02-26 | v0.1.0 | initial release |
diff --git a/ChangeLog.md b/ChangeLog.md
diff --git a/Dockerfile b/Dockerfile
@@ -1,25 +1,23 @@
-FROM golang:1.13-alpine AS build_deps
+# syntax=docker/dockerfile:1.3
+ARG GO_VERSION
+FROM --platform=${TARGETPLATFORM} golang:${GO_VERSION}-alpine AS base
 
-RUN apk add --no-cache git bzr
+WORKDIR /go/src/cert-manager-webhook-gandi
+COPY go.* .
 
-WORKDIR /workspace
-ENV GO111MODULE=on
+RUN --mount=type=cache,target=/go/pkg/mod \
+    apk add --no-cache git ca-certificates && \
+    go mod download
 
-COPY go.mod .
-COPY go.sum .
+FROM base AS build
+ARG TARGETOS
+ARG TARGETARCH
 
-RUN go mod download
+RUN --mount=readonly,target=. --mount=type=cache,target=/go/pkg/mod \
+    GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 go build -a -o /go/bin/webhook -ldflags '-w -extldflags "-static"' .
 
-FROM build_deps AS build
+FROM scratch AS image
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=build /go/bin/webhook /usr/local/bin/webhook
 
-COPY . .
-
-RUN CGO_ENABLED=0 go build -o webhook -ldflags '-w -extldflags "-static"' .
-
-FROM alpine:3.9
-
-RUN apk add --no-cache ca-certificates
-
-COPY --from=build /workspace/webhook /usr/local/bin/webhook
-
-ENTRYPOINT ["webhook"]
+ENTRYPOINT ["/usr/local/bin/webhook"]
diff --git a/Makefile b/Makefile
@@ -1,20 +1,52 @@
-IMAGE_NAME := "cert-manager-webhook-gandi"
-IMAGE_TAG := "latest"
+OS ?= $(shell go env GOOS)
+ARCH ?= $(shell go env GOARCH)
+
+ifeq (Darwin, $(shell uname))
+	GREP_PREGEX_FLAG := E
+else
+	GREP_PREGEX_FLAG := P
+endif
+
+GO_VERSION ?= $(shell go mod edit -json | grep -${GREP_PREGEX_FLAG}o '"Go":\s+"([0-9.]+)"' | sed -E 's/.+"([0-9.]+)"/\1/')
+
+IMAGE_NAME := bwolf/cert-manager-webhook-gandi
+IMAGE_TAG := 0.2.0
 
 OUT := $(shell pwd)/_out
 
-$(shell mkdir -p "$(OUT)")
+KUBEBUILDER_VERSION=2.3.2
+
+$(shell mkdir -p "${OUT}")
 
-verify:
+test: _test/kubebuilder
+	TEST_ASSET_ETCD=_test/kubebuilder/bin/etcd \
+	TEST_ASSET_KUBE_APISERVER=_test/kubebuilder/bin/kube-apiserver \
+	TEST_ASSET_KUBECTL=_test/kubebuilder/bin/kubectl \
 	go test -v .
 
+_test/kubebuilder:
+	curl -fsSL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${KUBEBUILDER_VERSION}/kubebuilder_${KUBEBUILDER_VERSION}_${OS}_${ARCH}.tar.gz -o kubebuilder-tools.tar.gz
+	mkdir -p _test/kubebuilder
+	tar -xvf kubebuilder-tools.tar.gz
+	mv kubebuilder_${KUBEBUILDER_VERSION}_${OS}_${ARCH}/bin _test/kubebuilder/
+	rm kubebuilder-tools.tar.gz
+	rm -R kubebuilder_${KUBEBUILDER_VERSION}_${OS}_${ARCH}
+
+clean: clean-kubebuilder
+
+clean-kubebuilder:
+	rm -Rf _test/kubebuilder
+
 build:
-	docker build --rm -t "$(IMAGE_NAME):$(IMAGE_TAG)" .
+	docker buildx build --target=image --platform=linux/amd64 --output=type=docker,name=${IMAGE_NAME}:${IMAGE_TAG} --tag=${IMAGE_NAME}:latest --build-arg=GO_VERSION=${GO_VERSION} .
+
+package:
+	helm package deploy/cert-manager-webhook-gandi -d charts/
+	helm repo index charts/ --url https://bwolf.github.io/cert-manager-webhook-gandi
 
 .PHONY: rendered-manifest.yaml
 rendered-manifest.yaml:
-#	    --name cert-manager-webhook-gandi $BACKSLASH
 	helm template \
-        --set image.repository=$(IMAGE_NAME) \
-        --set image.tag=$(IMAGE_TAG) \
-        deploy/cert-manager-webhook-gandi > "$(OUT)/rendered-manifest.yaml"
+        --set image.repository=${IMAGE_NAME} \
+        --set image.tag=${IMAGE_TAG} \
+        deploy/cert-manager-webhook-gandi > "${OUT}/rendered-manifest.yaml"