Add Container Image for VCS Agent #56
I've added the Dockerfile for VCS Agent. I've added a release workflow for Docker Container Image creation with two jobs: one uses GoReleaser to build the vcs agent and publishes to GitHub and the other one to build and publish container image. I've also added trivy container image scanning and updated Readme with Docker instructions.
Signed-off-by: eminalemdar <emnalmdr@gmail.com>

Changed the release workflow and updated an environment variable
Signed-off-by: eminalemdar <emnalmdr@gmail.com>

Updated the release workflow for importing GPG Key
Signed-off-by: eminalemdar <emnalmdr@gmail.com>

Updated env variable for GPG Key import
Signed-off-by: eminalemdar <emnalmdr@gmail.com>

Updated the variable for the passphrase for GPG Key
Signed-off-by: eminalemdar <emnalmdr@gmail.com>

Updated GPG Key config in the release.yml file
Signed-off-by: eminalemdar <emnalmdr@gmail.com>

Updated GPG import step in the release workflow

Updated Preprod and Prod release workflows to add container image build, updated Dockerfile and Trivy workflows

updated Preprod and Prod release workflows

updated Preprod workflow to test container image build

Updated Preprod workflow to test if the container image is building correctly

Typo fix in Preprod workflow
… updated Prod workflow to match Preprod.
if: ${{ github.ref == 'refs/heads/main' }} | ||
run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws | ||
|
||
# - name: Set up QEMU |
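Review bot: the `run:` line that pipes `aws ecr-public get-login-password` into `docker login` has no `pipefail` unless the step or workflow sets `shell: bash` explicitly, because the default Linux shell for a `run` step is `bash -e {0}`. A failure of the `aws` call then only shows up indirectly as a `docker login` error on an empty password. Setting `shell: bash` on this step, or replacing it with `aws-actions/amazon-ecr-login` using `registry-type: public`, makes the failure explicit and keeps the credential handling out of an inline shell pipeline.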
Maybe add a comment here, explaining this will be needed for adding multi-arch build support in future?
uses: docker/build-push-action@v3 | ||
with: | ||
context: . | ||
platforms: linux/amd64,linux/arm64 |
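Review bot: `uses: docker/build-push-action@v3` references the action by a mutable tag, and this is the step that builds the image that gets pushed. Pinning it to a full commit SHA, with the version kept in a trailing comment, stops a retagged or compromised release of the action from running in a job that holds registry credentials. The same applies to the other third-party actions in this workflow.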
Do we really want to build for `arm64` here? I think we're currently only building an `amd64` binary, so I don't think the ARM docker image will work correctly.
.goreleaser.yaml
Outdated
@@ -0,0 +1,47 @@ | |||
project_name: spacelift-vcs-agent |
Since you're not switching the build to Goreleaser in this PR, can you remove this file from the PR? It means when we do the PR to switch to Goreleaser it will be self-contained and won't rely on a change from this PR.
Dockerfile
Outdated
RUN apk upgrade --update-cache --available | ||
RUN adduser --disabled-password --no-create-home --uid=1983 spacelift | ||
|
||
# The reason we're using a wildcard on the copy is that goreleaser sets a _v1 suffix for the |
I think this comment could be removed for now.
|
||
RUN apk add --no-cache ca-certificates | ||
RUN apk upgrade --update-cache --available | ||
RUN adduser --disabled-password --no-create-home --uid=1983 spacelift |
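Review bot: on the `RUN apk upgrade --update-cache --available` line, `--update-cache` writes the package index into the image layer, while the `apk add` line just above uses `--no-cache` to avoid exactly that. Using `apk upgrade --no-cache --available` and folding the three `RUN` lines into one keeps the index out of the image and reduces the layer count. Running the upgrade before `apk add ca-certificates` also means the added package is installed against the upgraded base.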
Since we're creating a user for this image, should we use that user? Here's what we do in the runner-terraform image: https://github.com/spacelift-io/runner-terraform/blob/224cd1b25829a2fde73ad4a86d0b990ced2640db/Dockerfile#L64
…uctions for arm64 builds, removed goreleaser workflow, updated Dockerfile for user configuration.
* Revert "Add flag to remove HTTP header `Content-Length` from HTTP requests" (#55)

  This reverts commit 3075165.

* Add Container Image for VCS Agent (#56)

  * Combined commits

    I've added the Dockerfile for VCS Agent. I've added a release workflow for Docker Container Image creation with two jobs: one uses GoReleaser to build the vcs agent and publishes to GitHub and the other one to build and publish container image. I've also added trivy container image scanning and updated Readme with Docker instructions.
    Signed-off-by: eminalemdar <emnalmdr@gmail.com>

    Changed the release workflow and updated an environment variable
    Signed-off-by: eminalemdar <emnalmdr@gmail.com>

    Updated the release workflow for importing GPG Key
    Signed-off-by: eminalemdar <emnalmdr@gmail.com>

    Updated env variable for GPG Key import
    Signed-off-by: eminalemdar <emnalmdr@gmail.com>

    Updated the variable for the passphrase for GPG Key
    Signed-off-by: eminalemdar <emnalmdr@gmail.com>

    Updated GPG Key config in the release.yml file
    Signed-off-by: eminalemdar <emnalmdr@gmail.com>

    Updated GPG import step in the release workflow

    Updated Preprod and Prod release workflows to add container image build, updated Dockerfile and Trivy workflows

    updated Preprod and Prod release workflows

    updated Preprod workflow to test container image build

    Updated Preprod workflow to test if the container image is building correctly

    Typo fix in Preprod workflow

  * Updated Preprod workflow to track the changes for the main branch and updated Prod workflow to match Preprod.
  * Updated the comments on prod and preprod workflows, removed the instructions for arm64 builds, removed goreleaser workflow, updated Dockerfile for user configuration.
  * Updated Dockerfile

* Fix broken deployment workflows (#58)

  * Separated deployment workflows to have two different jobs one for building the binary and one for publishing both the binary and the container image
  * Update .github/workflows/prod-deployment.yml

    Co-authored-by: Adam Connelly <adam.rpconnelly@gmail.com>

  ---------

  Co-authored-by: Adam Connelly <adam.rpconnelly@gmail.com>

* Fix deployment workflow (#59)

  * Separated deployment workflows to have two different jobs one for building the binary and one for publishing both the binary and the container image
  * Updated preprod and prod deployment workflows to add checkout repository code in publish job

* Fix for deployment workflows (#60)

  * Updated deployment workflows to fix error for reference to the deployment id in second job
  * Added extra failure step to build job for both preprod and prod deployments
  * Updated target URL for the deployment status step in prod deployment workflow

---------

Co-authored-by: Marcin Białoń <mbialon@spacelift.io>
Co-authored-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>
Co-authored-by: Adam Connelly <adam.rpconnelly@gmail.com>
Description of the change
I've added the configuration for VCS Agent container image creation.
Type of change
Checklists
Development
Code review
Deployment