From 43018d81f1fc93c8a528d091a894f6345fcb3ae2 Mon Sep 17 00:00:00 2001
From: Mike Vanbuskirk
Date: Mon, 10 Apr 2023 13:16:29 -0400
Subject: [PATCH] add base TF config and Dockerfile (#11)
* add base TF config and Dockerfile
* add Dockerfile and goreleaser config
---
 .github/workflows/release.yml | 6 ---
 .goreleaser.yml | 70 +++++++++++++++++++++++++++++++++++
 Dockerfile | 16 ++++++++
 terraform/auditor.tf | 10 +++++
 terraform/provider.tf | 0
 terraform/variables.tf | 0
 6 files changed, 96 insertions(+), 6 deletions(-)
 create mode 100644 .goreleaser.yml
 create mode 100644 Dockerfile
 create mode 100644 terraform/auditor.tf
 create mode 100644 terraform/provider.tf
 create mode 100644 terraform/variables.tf
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d6bed68..9cdf245 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,11 +21,6 @@ jobs:
 fetch-depth: 0
 - name: Set up QEMU
 uses: docker/setup-qemu-action@v2
- - name: Docker Login to DockerHub
- uses: docker/login-action@v2
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
 - name: Docker Login to GitHub Container Registry
 uses: docker/login-action@v2
 with:
@@ -44,4 +39,3 @@ jobs:
 args: release --rm-dist
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
new file mode 100644
index 0000000..74906ab
--- /dev/null
+++ b/.goreleaser.yml
@@ -0,0 +1,70 @@
+builds:
+ - binary: gcp-auditor
+ ldflags:
+ - -X 'github.com/trufflesecurity/gcp-auditor/pkg/version.BuildVersion={{ .Version }}'
+ env: [CGO_ENABLED=0]
+ goos:
+ - linux
+ goarch:
+ - amd64
+ - arm64
+dockers:
+ - image_templates: ["trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64"]
+ dockerfile: Dockerfile.goreleaser
+ use: buildx
+ build_flag_templates:
+ - --platform=linux/amd64
+ - --label=org.opencontainers.image.title={{ .ProjectName }}
+ - --label=org.opencontainers.image.description={{ .ProjectName }}
+ - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
+ - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
+ - --label=org.opencontainers.image.version={{ .Version }}
+ - --label=org.opencontainers.image.revision={{ .FullCommit }}
+ - --label=org.opencontainers.image.licenses=AGPL-3.0
+ - image_templates: ["trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8"]
+ goarch: arm64
+ dockerfile: Dockerfile.goreleaser
+ use: buildx
+ build_flag_templates:
+ - --platform=linux/arm64/v8
+ - --label=org.opencontainers.image.title={{ .ProjectName }}
+ - --label=org.opencontainers.image.description={{ .ProjectName }}
+ - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
+ - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
+ - --label=org.opencontainers.image.version={{ .Version }}
+ - --label=org.opencontainers.image.revision={{ .FullCommit }}
+ - --label=org.opencontainers.image.licenses=AGPL-3.0
+ - image_templates: ["ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64"]
+ dockerfile: Dockerfile.goreleaser
+ use: buildx
+ build_flag_templates:
+ - --platform=linux/amd64
+ - --label=org.opencontainers.image.title={{ .ProjectName }}
+ - --label=org.opencontainers.image.description={{ .ProjectName }}
+ - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
+ - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
+ - --label=org.opencontainers.image.version={{ .Version }}
+ - --label=org.opencontainers.image.revision={{ .FullCommit }}
+ - --label=org.opencontainers.image.licenses=AGPL-3.0
+ - image_templates: ["ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8"]
+ goarch: arm64
+ dockerfile: Dockerfile.goreleaser
+ use: buildx
+ build_flag_templates:
+ - --platform=linux/arm64/v8
+ - --label=org.opencontainers.image.title={{ .ProjectName }}
+ - --label=org.opencontainers.image.description={{ .ProjectName }}
+ - --label=org.opencontainers.image.url=https://github.com/trufflesecurity/{{ .ProjectName }}
+ - --label=org.opencontainers.image.source=https://github.com/trufflesecurity/{{ .ProjectName }}
+ - --label=org.opencontainers.image.version={{ .Version }}
+ - --label=org.opencontainers.image.revision={{ .FullCommit }}
+ - --label=org.opencontainers.image.licenses=AGPL-3.0
+docker_manifests:
+ - name_template: ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}
+ image_templates:
+ - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64
+ - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8
+ - name_template: ghcr.io/trufflesecurity/{{ .ProjectName }}:latest
+ image_templates:
+ - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64
+ - ghcr.io/trufflesecurity/{{ .ProjectName }}:{{ .Version }}-arm64v8
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b5aef58
--- /dev/null
+++ b/Dockerfile
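Review bot: The first two `dockers` entries in `.goreleaser.yml` publish to Docker Hub (`trufflesecurity/{{ .ProjectName }}:{{ .Version }}-amd64` and `...-arm64v8`), but this same commit deletes the `Docker Login to DockerHub` step from `release.yml`, so the release job reaches those pushes without Docker Hub credentials and will most likely fail partway through publishing. Either drop the two Docker Hub entries so only the `ghcr.io/...` images are built, or keep the login step. All four entries also set `dockerfile: Dockerfile.goreleaser`, which this commit does not add. If that file is not already in the repository the image builds have nothing to build from, and the multi-stage `Dockerfile` added here compiles from source, so it is probably not a drop-in substitute inside goreleaser's build context. A comment above `dockers:` stating which registries are intended release targets would keep the workflow and this file from drifting apart again.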
@@ -0,0 +1,16 @@
+FROM --platform=${BUILDPLATFORM} golang:bullseye as builder
+
+WORKDIR /build
+COPY . .
+ENV CGO_ENABLED=0
+ARG TARGETOS TARGETARCH
+RUN --mount=type=cache,target=/go/pkg/mod \
+ --mount=type=cache,target=/root/.cache/go-build \
+ GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o gcp-auditor .
+
+FROM alpine:3.17
+RUN apk add --no-cache git ca-certificates \
+ && rm -rf /var/cache/apk/* && \
+ update-ca-certificates
+COPY --from=builder /build/gcp-auditor /usr/bin/gcp-auditor
+ENTRYPOINT ["/usr/bin/gcp-auditor"]
diff --git a/terraform/auditor.tf b/terraform/auditor.tf
new file mode 100644
index 0000000..5394ebe
--- /dev/null
+++ b/terraform/auditor.tf
@@ -0,0 +1,10 @@
+module "auditor" {
+ source = ""
+
+ name = var.name
+ project_id = local.project
+ logging_sink_filter = var.filter
+ organization_id = var.organization_id
+ region = var.region
+ docker_image = var.image
+}
diff --git a/terraform/provider.tf b/terraform/provider.tf
new file mode 100644
index 0000000..e69de29
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..e69de29
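Review bot: The builder stage of `Dockerfile` pulls `golang:bullseye`, a floating tag with no Go version or digest, so the toolchain that compiles the shipped binary can change between builds with no change in this repository. Pin it, for example `FROM --platform=${BUILDPLATFORM} golang:<GO_VERSION>-bullseye@sha256:<DIGEST> AS builder` (placeholders; take the version from `go.mod`). The final stage has no `USER` line, so `gcp-auditor` runs as root in the container; adding `USER nobody` before `ENTRYPOINT` would drop that, assuming the tool writes to no root-owned paths at runtime. `rm -rf /var/cache/apk/*` is redundant after `apk add --no-cache`. Because `COPY . .` sends the whole checkout to the builder, add a `.dockerignore` if the repository lacks one.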
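Review bot: `source = ""` in `terraform/auditor.tf` leaves the `auditor` module with no source address, so `terraform init` has nothing to resolve. If the module location is not settled yet, say so with a comment such as `# TODO: set the module source and pin it to a version or commit ref` rather than committing an empty string. The block also reads `var.name`, `var.filter`, `var.organization_id`, `var.region`, `var.image` and `local.project`, but `terraform/variables.tf` is added empty and no `locals` block appears in this commit, so those references are undeclared as committed. When the source is filled in, pin it (a registry `version`, or `?ref=` on a git source) so the module that deploys the auditor cannot change underneath this configuration.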