From 7d29f694b0de2751ef1d1886ca2b15317a3b33d0 Mon Sep 17 00:00:00 2001
From: Hank Donnay <hdonnay@redhat.com>
Date: Fri, 10 Sep 2021 09:23:13 -0500
Subject: [PATCH] cicd: add "nightly" workflow

This adds a workflow that has a manual trigger and a cron trigger to
build and push a nightly version.

Signed-off-by: Hank Donnay <hdonnay@redhat.com>
---
 .github/workflows/nightly.yml | 106 ++++++++++++++++++++++++++++++++++
 Dockerfile                    |  10 +++-
 2 files changed, 114 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/nightly.yml

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
new file mode 100644
index 0000000000..f3351e9865
--- /dev/null
+++ b/.github/workflows/nightly.yml
@@ -0,0 +1,106 @@
+---
+name: Nightly
+
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Claircore branch to reference'
+        required: false
+      go_version:
+        description: 'Go version to be used throughout'
+        required: false
+      tag:
+        description: 'Tag to push resulting image to'
+        required: false
+  schedule:
+    - cron: '30 5 * * *'
+
+jobs:
+  build:
+    name: Build and Push container
+    runs-on: 'ubuntu-latest'
+    steps:
+      - name: Setup
+        # This step uses defaults written in the shell script instead of the
+        # nicer workflow inputs so that the cron trigger works.
+        run: |
+          br=$(test -n "${{github.event.inputs.branch}}" && echo "${{github.event.inputs.branch}}" || echo main)
+          t=$(test -n "${{github.event.inputs.tag}}" && echo "${{github.event.inputs.tag}}" || echo nightly)
+          gv=$(test -n "${{github.event.inputs.go_version}}" && echo "${{github.event.inputs.go_version}}" || echo 1.17.1)
+          echo "CLAIRCORE_BRANCH=${br}" >> $GITHUB_ENV
+          echo "TAG=quay.io/projectquay/clair:${t}" >> $GITHUB_ENV
+          echo "GO_VERSION=${gv}" >> $GITHUB_ENV
+          if test "${#gv}" -gt 4; then
+            echo "GO_MINOR=${gv%.*}" >> $GITHUB_ENV
+          else
+            echo "GO_MINOR=${gv}" >> $GITHUB_ENV
+          fi
+          echo "QUAY_USER=projectquay+clair_github" >> $GITHUB_ENV
+          if test -n "${{ secrets.QUAY_TOKEN }}"; then echo "DO_PUSH=1" >> $GITHUB_ENV; fi
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@master
+        with:
+          platforms: all
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Cache Go Toolchain
+        uses: actions/cache@v2
+        id: go-toolchain-cache
+        with:
+          path: ~/.local/go
+          key: golang-${{ env.GO_VERSION }}-${{ runner.os }}
+      - name: Get a supported go version
+        if: steps.go-toolchain-cache.outputs.cache-hit != 'true'
+        run: |
+          mkdir -p ~/.local
+          curl -sSLf "https://golang.org/dl/go${GO_VERSION}.$(go env GOOS)-$(go env GOARCH).tar.gz" |\
+            tar -xzC ~/.local
+      - name: Use correct go
+        run: |
+          echo "${HOME}/.local/go/bin" >> $GITHUB_PATH
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Cache Go Builds
+        uses: actions/cache@v2
+        with:
+          path: ~/.cache/go-build
+          key: go-build-${{ env.GO_VERSION }}-${{ runner.os }}
+          restore-keys: |
+            go-build-${{ env.GO_VERSION }}
+            go-build
+      - name: Cache Go Modules
+        uses: actions/cache@v2
+        with:
+          path: ~/go/pkg/mod
+          key: go-mod-${{ env.GO_VERSION }}-${{ runner.os }}-${{ hashFiles('./go.*') }}
+          restore-keys: |
+            go-mod-${{ env.GO_VERSION }}-${{ runner.os }}
+            go-mod-${{ env.GO_VERSION }}
+            go-mod
+      - name: Modify module
+        run: ./.github/script/nightly-module.sh
+      - name: Login
+        if: ${{ env.DO_PUSH }}
+        run: |
+          docker login -u "${QUAY_USER}" -p '${{ secrets.QUAY_TOKEN }}' quay.io
+      - name: Build
+        run: |
+          echo '::group::QEMU'
+          docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+          echo '::endgroup::'
+          echo '::group::Build'
+          docker buildx build\
+            --platform linux/amd64,linux/arm64\
+            -f Dockerfile\
+            -t "${TAG}"\
+            --build-arg "GO_VERSION=${GO_MINOR}"\
+            --build-arg "CLAIR_VERSION=$(git describe --tags --always --dirty)"\
+            .
+          echo '::endgroup::'
+      - name: Push
+        if: ${{ env.DO_PUSH }}
+        run: |
+          docker push "${TAG}"
diff --git a/Dockerfile b/Dockerfile
index 6fb25a60e5..c1612b0db2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM quay.io/projectquay/golang:1.16 AS build
+ARG GO_VERSION=1.17
+FROM quay.io/projectquay/golang:${GO_VERSION} AS build
 WORKDIR /build/
 ADD . /build/
 ARG CLAIR_VERSION=dev
@@ -24,7 +25,12 @@ RUN go build\
 
 FROM registry.access.redhat.com/ubi8/ubi-minimal AS final
 RUN microdnf install --disablerepo=* --enablerepo=ubi-8-baseos --enablerepo=ubi-8-appstream tar
-RUN curl -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64 && chmod +x /usr/local/bin/dumb-init 
+RUN case "$(uname -m)" in \
+		x86_64) export ARCH=amd64 ;; \
+		aarch64) export ARCH=arm64 ;; \
+	esac; \
+	curl -L -o /usr/local/bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_${ARCH}" && \
+	chmod +x /usr/local/bin/dumb-init
 ENTRYPOINT ["/usr/local/bin/dumb-init", "--", "/bin/clair"]
 VOLUME /config
 EXPOSE 6060