add base TF config and Dockerfile (#11)

* add base TF config and Dockerfile * add Dockerfile and goreleaser config
trufflesecurity · Apr 10, 2023 · 43018d8 · 43018d8
1 parent 4a1e9a3
commit 43018d8
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 6 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -21,11 +21,6 @@ jobs:
           fetch-depth: 0
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
-      - name: Docker Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Docker Login to GitHub Container Registry
         uses: docker/login-action@v2
         with:
@@ -44,4 +39,3 @@ jobs:
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -0,0 +1,70 @@
+builds:
+  - binary: gcp-auditor
+    ldflags:
+      - -X 'github.com/trufflesecurity/gcp-auditor/pkg/version.BuildVersion={{ .Version }}'
+    env: [CGO_ENABLED=0]
+    goos:
+    - linux
+    goarch:
+    - amd64
+    - arm64
+dockers:
+  - image_templates: ["trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64"]
+    dockerfile: Dockerfile.goreleaser
+    use: buildx
+    build_flag_templates:
+    - --platform=linux/amd64
+    - --label=org.opencontainers.image.title={{ .ProjectName }}
+    - --label=org.opencontainers.image.description={{ .ProjectName }}
+    - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
+    - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
+    - --label=org.opencontainers.image.version={{ .Version }}
+    - --label=org.opencontainers.image.revision={{ .FullCommit }}
+    - --label=org.opencontainers.image.licenses=AGPL-3.0
+  - image_templates: ["trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8"]
+    goarch: arm64
+    dockerfile: Dockerfile.goreleaser
+    use: buildx
+    build_flag_templates:
+    - --platform=linux/arm64/v8
+    - --label=org.opencontainers.image.title={{ .ProjectName }}
+    - --label=org.opencontainers.image.description={{ .ProjectName }}
+    - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
+    - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
+    - --label=org.opencontainers.image.version={{ .Version }}
+    - --label=org.opencontainers.image.revision={{ .FullCommit }}
+    - --label=org.opencontainers.image.licenses=AGPL-3.0
+  - image_templates: ["ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64"]
+    dockerfile: Dockerfile.goreleaser
+    use: buildx
+    build_flag_templates:
+    - --platform=linux/amd64
+    - --label=org.opencontainers.image.title={{ .ProjectName }}
+    - --label=org.opencontainers.image.description={{ .ProjectName }}
+    - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
+    - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
+    - --label=org.opencontainers.image.version={{ .Version }}
+    - --label=org.opencontainers.image.revision={{ .FullCommit }}
+    - --label=org.opencontainers.image.licenses=AGPL-3.0
+  - image_templates: ["ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8"]
+    goarch: arm64
+    dockerfile: Dockerfile.goreleaser
+    use: buildx
+    build_flag_templates:
+    - --platform=linux/arm64/v8
+    - --label=org.opencontainers.image.title={{ .ProjectName }}
+    - --label=org.opencontainers.image.description={{ .ProjectName }}
+    - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
+    - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
+    - --label=org.opencontainers.image.version={{ .Version }}
+    - --label=org.opencontainers.image.revision={{ .FullCommit }}
+    - --label=org.opencontainers.image.licenses=AGPL-3.0
+docker_manifests:
+  - name_template: ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}
+    image_templates:
+    - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64
+    - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8
+  - name_template: ghcr.io/trufflesecurity/{{ .ProjectName }}:latest
+    image_templates:
+    - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64
+    - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,16 @@
+FROM --platform=${BUILDPLATFORM} golang:bullseye as builder
+
+WORKDIR /build
+COPY . .
+ENV CGO_ENABLED=0
+ARG TARGETOS TARGETARCH
+RUN  --mount=type=cache,target=/go/pkg/mod \
+     --mount=type=cache,target=/root/.cache/go-build \
+     GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o gcp-auditor .
+
+FROM alpine:3.17
+RUN apk add --no-cache git ca-certificates \
+    && rm -rf /var/cache/apk/* && \
+    update-ca-certificates
+COPY --from=builder /build/gcp-auditor /usr/bin/gcp-auditor
+ENTRYPOINT ["/usr/bin/gcp-auditor"]
diff --git a/terraform/auditor.tf b/terraform/auditor.tf
@@ -0,0 +1,10 @@
+module "auditor" {
+  source = ""
+
+  name                = var.name
+  project_id          = local.project
+  logging_sink_filter = var.filter
+  organization_id     = var.organization_id
+  region              = var.region
+  docker_image        = var.image
+}
diff --git a/terraform/provider.tf b/terraform/provider.tf
diff --git a/terraform/variables.tf b/terraform/variables.tf