CI migration to GitHub Actions, and build system improvements #55

Merged
merged 26 commits into from
Sep 19, 2022


@npdgm npdgm commented Sep 18, 2022

  • Migrate from GitLab CI to GitHub Actions
  • Add a CODEOWNERS file to protect CI
  • Run CI on pull requests
    • Go: code linting, unit testing
    • Helm chart linting (install test to be added later)
    • Dockerfile linting
    • Security checks on dependencies
  • New build targets for binary releases
  • Builds know their release date and commit hash in addition to version (to be used for an upcoming "info" metric)
  • Assets uploaded to the release before it's published
  • Compress released binaries (tgz or zip), and add fingerprint files for SHA-256 checksum verification
  • Container images
    • Switch to buildah for daemon-less building, assembling multi-platform manifest, and pushing to registries
    • Images now ship the same static binaries from release assets
    • New flavors
      • Busybox (uclibc)
      • Distroless "scratch"
    • Busybox images are now shipped under the default version tag, to improve compatibility with legacy environments, and alleviate security strain on some user systems
    • Alpine image based on version 3.16, previously 3.14 (may cause compatibility problems, but not the default anymore)
  • Helm chart
    • New value to suffix image tag and choose a container image flavor
    • Improve translation of Semantic Release changelog to Artifacthub specifications, and add support for the new format

Preparing for the pending migration to GitHub Actions.
Will be used for a future metric reporting exporter info.
Alpine Linux has raised issues when tracking latest versions, with musl enabling new syscalls not handled by old CRIs. This project running a static binary, we do not need or benefit from a cutting-edge userland, and would rather maximize compatibility with legacy environments.
The distribution also has a larger surface for security vulnerabilities with many libraries installed, forcing otherwise unnecessary builds so that users would not be affected by security scans in their clusters or registries.

Busybox was chosen as an alternative to going distroless by default, as the exporter is dealing with volumes where having a shell is convenient for debugging file access.

All container images will keep being built, including Alpine, and base image versions will be bumped as needed. But hopefully this switch will reduce pain for users.
RISC-V not being supported in Alpine 3.16, we'll use "edge" as the base image for the time being.
@npdgm npdgm self-assigned this Sep 18, 2022
@npdgm npdgm marked this pull request as ready for review September 18, 2022 23:53
@npdgm npdgm requested a review from arcln September 19, 2022 00:10
@npdgm npdgm changed the title from "CI migration to Gitlab Actions, and build system improvements" to "CI migration to GitHub Actions, and build system improvements" Sep 19, 2022
@npdgm npdgm removed the request for review from arcln September 19, 2022 09:58
@npdgm npdgm merged commit 7fe4a7c into main Sep 19, 2022
@monkeynator

🎉 This PR is included in version 3.5.0-beta.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@monkeynator

🎉 This PR is included in version 3.5.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Successfully merging this pull request may close these issues.

Build container images for RISC-V