CI and deps updates

nats-io · Jan 19, 2024 · 9052201 · 9052201
1 parent a2281b5
commit 9052201
Show file tree

Hide file tree

Showing 7 changed files with 279 additions and 307 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,29 @@
+version: 2
+updates:
+  # version updates: enabled
+  # security updates: enabled
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+  - package-ecosystem: docker
+    directory: /cicd
+    schedule:
+      interval: daily
+    ignore:
+      - dependency-name: golang
+        update-types:
+          - version-update:semver-major
+      - dependency-name: node
+        update-types:
+          - version-update:semver-major
+
+  # version updates: disabled
+  # security updates: enabled
+  # https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file
+  # ./go
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 0
diff --git a/Makefile b/Makefile
@@ -85,27 +85,12 @@ nats-kafka.docker: $(goSrc)
 .PHONY: docker
 docker: Dockerfile
 ifneq ($(dtag),)
-	docker build --tag natsio/nats-kafka:$(dtag) --build-arg VERSION=$(dtag) .
+	CI=true REGISTRY=natsio TAGS="latest,$(dtag)" docker buildx bake 
 else
 	# Missing dtag, try again. Example: make docker dtag=1.2.3
 	exit 1
 endif
 
-.PHONY: dockerx
-dockerx:
-ifneq ($(ver),)
-	# Ensure 'docker buildx ls' shows correct platforms.
-	docker buildx build \
-		--tag natsio/nats-kafka:$(ver) --tag natsio/nats-kafka:latest \
-		--build-arg VERSION=$(ver) \
-		--platform linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8 \
-		--push .
-else
-	# Missing version, try this.
-	# make dockerx ver=1.2.3
-	exit 1
-endif
-
 .PHONY: clean
 clean:
 	rm -f nats-kafka

diff --git a/cicd/Dockerfile b/cicd/Dockerfile
@@ -1,41 +1,58 @@
-#syntax=docker/dockerfile-upstream:1.4
-ARG GO_APP
-
-FROM base as deps
+#syntax=docker/dockerfile-upstream:1.6
+FROM goreleaser as deps
 
 ARG GO_APP
+ARG APP_USER=root
 
 ARG TARGETOS
 ARG TARGETARCH
 ARG TARGETVARIANT
 
-RUN mkdir -p /go/bin /go/src
+RUN mkdir -p /go/bin /go/src/dist
+
+WORKDIR /go/src
 
-COPY --from=build /go/src/dist /go/src/dist
+RUN <<EOT
+  # If not built, build for current platform
+  if [ -z "$(ls -A dist)" ]; then
+    if [ ${TARGETARCH} = "arm" ]; then VARIANT=$(echo ${TARGETVARIANT} | sed 's/^v//'); fi
+    GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOARM=${VARIANT} TAGS=${TAGS} goreleaser build --single-target --snapshot -f ${GORELEASER_CONFIG}
+  fi
+EOT
 
 RUN <<EOT
   set -e
-  apk add --no-cache ca-certificates jq
-  if [[ ${TARGETARCH} == "arm" ]]; then VARIANT=$(echo ${TARGETVARIANT} | sed 's/^v//'); fi
+
+  GORELEASER_DIST_DIR="/go/src/dist"
+  # If --single-target, artifacts.json only exists in os_arch target directory
+  if [ ! -f ${GORELEASER_DIST_DIR}/artifacts.json ]; then
+    GORELEASER_DIST_DIR="${GORELEASER_DIST_DIR}/${TARGETOS}_${TARGETARCH}"
+  fi
+
+  if [ ${TARGETARCH} = "arm" ]; then VARIANT=$(echo ${TARGETVARIANT} | sed 's/^v//'); fi
   BIN_PATH=$(jq -r ".[] |select(.type   == \"Binary\" and \
                                 .name   == \"${GO_APP}\" and \
                                 .goos   == \"${TARGETOS}\" and \
                                 .goarch == \"${TARGETARCH}\" and \
-                                (.goarm == \"${VARIANT}\" or .goarm == null)) | .path" < /go/src/dist/artifacts.json)
+                                (.goarm == \"${VARIANT}\" or .goarm == null)) | .path" < ${GORELEASER_DIST_DIR}/artifacts.json)
+
+  if [ -z ${BIN_PATH} ]; then
+    exit 1
+  fi
+
   cp ${BIN_PATH} /go/bin
 EOT
 
-FROM base
+FROM alpine:3.19.0
 
 ARG GO_APP
 ENV GO_APP ${GO_APP}
 
-COPY --from=deps --chmod=755 /go/bin/${GO_APP} /usr/local/bin/${GO_APP}
-
-COPY --from=deps /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=deps --chmod=0755 --chown=$APP_USR:$APP_USER /go/bin/${GO_APP} /usr/local/bin/${GO_APP}
+COPY --from=assets --chmod=0755 entrypoint.sh /entrypoint.sh
 
-COPY --from=assets entrypoint.sh /entrypoint.sh
+RUN apk add --no-cache ca-certificates && ln -s /usr/local/bin/${GO_APP} /${GO_APP}
 
-RUN ln -s /usr/local/bin/${GO_APP} /${GO_APP} && chmod +x /entrypoint.sh
+USER $APP_USER:$APP_USER
 
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/cicd/Dockerfile_goreleaser b/cicd/Dockerfile_goreleaser
@@ -1,19 +1,54 @@
-#syntax=docker/dockerfile-upstream:1.4
-FROM --platform=$BUILDPLATFORM goreleaser
+FROM --platform=$BUILDPLATFORM golang:1.21.6-bullseye as goreleaser
+
+ARG GORELEASER_KEY
+ENV GORELEASER_KEY=$GORELEASER_KEY
+
+ARG GORELEASER_CONFIG=".goreleaser.yaml"
+ENV GORELEASER_CONFIG=$GORELEASER_CONFIG
+
+RUN <<EOT
+    set -e
+
+    echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' > /etc/apt/sources.list.d/goreleaser.list
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-key C99B11DEB97541F0
+
+    curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg > /usr/share/keyrings/githubcli-archive-keyring.gpg
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" > /etc/apt/sources.list.d/github-cli.list
+
+    GORELEASER_DEB="goreleaser"
+
+    apt-get update
+    if [ -n "${GORELEASER_KEY}" ]; then
+        GORELEASER_DEB="goreleaser-pro"
+    fi
+    apt-get install -y \
+      gh \
+      jq \
+      "${GORELEASER_DEB}"
+    rm -rf /var/lib/apt/lists/*
+EOT
+
+FROM goreleaser
 
 ARG CI
-ARG GITHUB_TOKEN
 
-COPY --from=src . /go/src
+COPY --from=src / /go/src
+
+WORKDIR /go/src
 
 RUN <<EOT
   set -e
-  cd /go/src
-  FLAGS="--rm-dist"
-  if [[ -z ${GITHUB_TOKEN} ]]; then
-    if [[ ${CI} != "true" ]]; then FLAGS="${FLAGS} --skip-validate --single-target"; fi
-    goreleaser build ${FLAGS}
+
+  GORELEASER_CMD="build"
+  FLAGS="--clean"
+  if [ -n "${GITHUB_TOKEN}" ]; then
+    GORELEASER_CMD="release"
   else
-    goreleaser release ${FLAGS}
+    FLAGS="${FLAGS} --snapshot"
+  fi
+  if [ "${CI}" != "true" ]; then
+    FLAGS="${FLAGS} --single-target"
   fi
+
+  goreleaser ${GORELEASER_CMD} -f ${GORELEASER_CONFIG} ${FLAGS}
 EOT
diff --git a/docker-bake.hcl b/docker-bake.hcl
@@ -15,14 +15,6 @@ variable CI {
   default = false
 }
 
-variable image_base {
-  default = "docker-image://alpine:3.18.4"
-}
-
-variable image_goreleaser {
-  default = "docker-image://goreleaser/goreleaser:v1.15.2"
-}
-
 ###################
 ### Functions
 ###################
@@ -58,7 +50,6 @@ group "default" {
 
 target "goreleaser" {
   contexts = {
-    goreleaser = image_goreleaser
     src = "."
   }
   args = {
@@ -70,9 +61,8 @@ target "goreleaser" {
 
 target "nats-kafka" {
   contexts = {
-    base    = image_base
-    build   = "target:goreleaser"
-    assets  = "cicd/assets"
+    goreleaser = "target:goreleaser"
+    assets     = "cicd/assets"
   }
   args = {
     GO_APP = "nats-kafka"

diff --git a/go.mod b/go.mod
@@ -3,80 +3,79 @@ module github.com/nats-io/nats-kafka
 go 1.18
 
 require (
-	github.com/Shopify/sarama v1.37.2
-	github.com/jhump/protoreflect v1.10.1
+	github.com/Shopify/sarama v1.38.1
+	github.com/aws/aws-msk-iam-sasl-signer-go v1.0.0
+	github.com/jhump/protoreflect v1.15.4
 	github.com/linkedin/goavro/v2 v2.12.0
-	github.com/nats-io/nats-server/v2 v2.10.5
-	github.com/nats-io/nats-streaming-server v0.25.2
-	github.com/nats-io/nats.go v1.31.0
+	github.com/nats-io/nats-server/v2 v2.10.9
+	github.com/nats-io/nats-streaming-server v0.25.6
+	github.com/nats-io/nats.go v1.32.0
 	github.com/nats-io/nuid v1.0.1
-	github.com/nats-io/stan.go v0.10.3
+	github.com/nats-io/stan.go v0.10.4
 	github.com/orcaman/concurrent-map v1.0.0
-	github.com/riferrei/srclient v0.5.4
-	github.com/santhosh-tekuri/jsonschema/v5 v5.0.2
+	github.com/riferrei/srclient v0.6.0
+	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
 	github.com/stretchr/testify v1.8.4
 	github.com/xdg-go/scram v1.1.2
 )
 
 require (
-	github.com/armon/go-metrics v0.3.9 // indirect
-	github.com/aws/aws-msk-iam-sasl-signer-go v1.0.0 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.24.0 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.26.2 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.13 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 // indirect
-	github.com/aws/smithy-go v1.19.0 // indirect
+	github.com/armon/go-metrics v0.4.1 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.19.0 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.18.28 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.27 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 // indirect
+	github.com/aws/smithy-go v1.13.5 // indirect
+	github.com/bufbuild/protocompile v0.7.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/eapache/go-resiliency v1.4.0 // indirect
-	github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 // indirect
+	github.com/eapache/go-resiliency v1.3.0 // indirect
+	github.com/eapache/go-xerial-snappy v0.0.0-20230111030713-bf00bc1b83b6 // indirect
 	github.com/eapache/queue v1.1.0 // indirect
-	github.com/fatih/color v1.12.0 // indirect
+	github.com/fatih/color v1.16.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.4.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/hashicorp/errwrap v1.0.0 // indirect
-	github.com/hashicorp/go-hclog v1.1.0 // indirect
-	github.com/hashicorp/go-immutable-radix v1.3.0 // indirect
-	github.com/hashicorp/go-msgpack v1.1.5 // indirect
+	github.com/hashicorp/go-hclog v1.5.0 // indirect
+	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
+	github.com/hashicorp/go-msgpack/v2 v2.1.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/hashicorp/raft v1.3.11 // indirect
+	github.com/hashicorp/golang-lru v1.0.2 // indirect
+	github.com/hashicorp/raft v1.6.0 // indirect
 	github.com/jcmturner/aescts/v2 v2.0.0 // indirect
 	github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect
 	github.com/jcmturner/gofork v1.7.6 // indirect
-	github.com/jcmturner/gokrb5/v8 v8.4.4 // indirect
+	github.com/jcmturner/gokrb5/v8 v8.4.3 // indirect
 	github.com/jcmturner/rpc/v2 v2.0.3 // indirect
-	github.com/klauspost/compress v1.17.2 // indirect
-	github.com/mattn/go-colorable v0.1.8 // indirect
-	github.com/mattn/go-isatty v0.0.13 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/minio/highwayhash v1.0.2 // indirect
 	github.com/nats-io/jwt/v2 v2.5.3 // indirect
-	github.com/nats-io/nkeys v0.4.6 // indirect
-	github.com/pierrec/lz4/v4 v4.1.18 // indirect
+	github.com/nats-io/nkeys v0.4.7 // indirect
+	github.com/pierrec/lz4/v4 v4.1.17 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
-	github.com/rogpeppe/go-internal v1.9.0 // indirect
+	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
-	go.etcd.io/bbolt v1.3.6 // indirect
-	golang.org/x/crypto v0.15.0 // indirect
-	golang.org/x/net v0.18.0 // indirect
-	golang.org/x/sync v0.4.0 // indirect
-	golang.org/x/sys v0.14.0 // indirect
+	go.etcd.io/bbolt v1.3.8 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/sync v0.5.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.4.0 // indirect
-	google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 // indirect
-	google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	google.golang.org/protobuf v1.31.1-0.20231027082548-f4a6c1f6e5c1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )