mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-07-31 11:08:50 -04:00
add apko image building
parent
a0ca82c463
commit
d06c4781df
5 changed files with 105 additions and 4 deletions
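--- a/.github/actions/build_apko/action.yml
+++ b/.github/actions/build_apko/action.yml
@@ -0,0 +1,55 @@
+name: Build apko image
+description: Build an apko image based on a supplied .yaml file
+
+inputs:
+apkoConfig:
+description: "Path to the apko .yaml config file. If left empty, all images will be built."
+required: false
+registry:
+description: "Container registry to use"
+default: "ghcr.io"
+required: true
+githubToken:
+description: "GitHub authorization token"
+required: true
+
+# Linux runner only (Docker required)
+runs:
+using: "composite"
+steps:
+- name: Log in to the Container registry
+id: docker-login
+uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # tag=v2.1.0
+with:
+registry: ${{ inputs.registry }}
+username: ${{ github.actor }}
+password: ${{ inputs.githubToken }}
+
+- name: Build apko images
+shell: bash
+run: |
+if [ -z "${{ inputs.apkoConfig }}" ]; then
+echo "Building all images in image"
+for imageConfig in image/apko/*.yaml; do
+echo "Building image for $imageConfig"
+
+imageName=$(basename $imageConfig | cut -d. -f1 )
+registry=${{ inputs.registry }}/edgelesssys/apko-${imageName}
+outTar=$imageName.tar
+
+docker run -v "$PWD":/work cgr.dev/chainguard/apko build $imageConfig $registry $outTar
+docker load < $outTar
+docker push $registry
+
+done
+else
+echo "Building image for ${{ inputs.apkoConfig }}"
+
+imageName=$(basename ${{ inputs.apkoConfig }} | cut -d. -f1 )
+registry=${{ inputs.registry }}/edgelesssys/apko-${imageName}
+outTar=$imageName.tar
+
+docker run -v "$PWD":/work cgr.dev/chainguard/apko build ${{ inputs.apkoConfig }} $registry $outTar
+docker load < $outTar
+docker push $registry
+fi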
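Review bot: The `run:` script expands `${{ inputs.apkoConfig }}` and `${{ inputs.registry }}` directly into the bash text, so the values are substituted before the shell parses the script and any shell metacharacters in them become part of the script, in a step that runs right after `docker login` with a token that can push packages. Pass both inputs through `env:` and reference them as quoted shell variables, and quote `$imageConfig`, `$registry` and `$outTar` as well, as in the sketch below. Separately, `cgr.dev/chainguard/apko` is pulled without a tag or digest while the login action is pinned to a commit SHA; pinning it as `cgr.dev/chainguard/apko@sha256:<digest>` (digest is a placeholder) would keep the builder image from changing silently between runs.

```yaml
- name: Build apko images
  shell: bash
  env:
    APKO_CONFIG: ${{ inputs.apkoConfig }}
    REGISTRY: ${{ inputs.registry }}
  run: |
    if [ -z "$APKO_CONFIG" ]; then
      echo "Building all images in image"
      for imageConfig in image/apko/*.yaml; do
        # … unchanged: echo and imageName …
        registry="$REGISTRY/edgelesssys/apko-${imageName}"
        # … unchanged: outTar, docker run / load / push (with the variables quoted) …
      done
    else
      echo "Building image for $APKO_CONFIG"
      imageName=$(basename "$APKO_CONFIG" | cut -d. -f1)
      registry="$REGISTRY/edgelesssys/apko-${imageName}"
      outTar="$imageName.tar"
      docker run -v "$PWD":/work cgr.dev/chainguard/apko build "$APKO_CONFIG" "$registry" "$outTar"
      docker load < "$outTar"
      docker push "$registry"
    fi
```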
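--- a/.github/actions/build_ko/action.yml
+++ b/.github/actions/build_ko/action.yml
@@ -5,7 +5,7 @@ inputs:
 description: "Name of the micro-service"
 required: true
 registry:
-description: "Name of the repository"
+description: "Name of the registry to use"
 required: false
 default: "ghcr.io"
 koConfig: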
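--- a/.github/workflows/build-apko-image.yml
+++ b/.github/workflows/build-apko-image.yml
@@ -0,0 +1,28 @@
+name: Build and upload all apko container images
+
+on:
+workflow_dispatch:
+push:
+branches:
+- main
+- "release/**"
+- "feat/reproducible-builds-ko"
+
+jobs:
+build-apko-image:
+runs-on: ubuntu-22.04
+permissions:
+contents: read
+packages: write
+steps:
+- name: Check out repository
+id: checkout
+uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+with:
+ref: ${{ github.head_ref }}
+
+- name: Build and upload apko image
+uses: ./.github/actions/build_apko
+with:
+registry: ghcr.io
+githubToken: ${{ secrets.GITHUB_TOKEN }}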
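Review bot: The `push.branches` list includes the development branch `feat/reproducible-builds-ko`, so every push to that branch runs this job with `packages: write` and publishes to the same `ghcr.io/edgelesssys/apko-*` names that `main` and `release/**` use. The build_apko action pushes without an explicit tag, so feature-branch and `main` builds would overwrite each other. I would drop that entry before merging, or publish feature-branch builds under a distinct tag. Also, `ref: ${{ github.head_ref }}` is only populated for pull-request events, which this workflow does not subscribe to, so the `with:` block on the checkout step can be removed and the default ref used.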
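--- a/.ko.yaml
+++ b/.ko.yaml
@@ -1,8 +1,7 @@
 defaltBaseImage: distroless.dev/static:latest@sha256:d624beaae60b10ec342896b1470421eb473549cb3ac3bf1c6ec074d8b460b4fc
 
 baseImageOverrides:
-github.com/edgelesssys/constellation/v2/disk-mapper/cmd: leongross/alpine-libcryptsetup:base
-github.com/edgelesssys/constellation/v2/bootstrapper/cmd/bootstrapper: leongross/alpine-libcryptsetup:base
+github.com/edgelesssys/constellation/v2/operators/constellation-node-operator ghcr.io/edgelesssys/alpine-base-user-65532
 
 builds:
 - id: kms
@@ -31,7 +30,6 @@ builds:
 - -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}
 - -extldflags "-static"
 
-# currently ignoring USER 65532:65532 from Dockerfile operators/constellation/Dockerfile
 - id: constellation-node-operator
 dir: .
 main: ./operators/constellation-node-operator/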
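Review bot: The added `baseImageOverrides` entry has no `:` between the import path and the image reference as shown here, so it is not a key/value pair and the override for constellation-node-operator would not take effect (or the file would fail to parse). The image name also differs from what the new build_apko action pushes, which is `<registry>/edgelesssys/apko-<config name>`, and unlike the first line of the file it carries no digest, so the operator's base image would float with whatever was pushed last. Something like `github.com/edgelesssys/constellation/v2/operators/constellation-node-operator: ghcr.io/edgelesssys/apko-alpine-base-user-65532@sha256:<digest>` (digest is a placeholder) would address all three. On the unchanged first line the key is spelled `defaltBaseImage`; ko reads `defaultBaseImage`, so the pinned distroless digest is probably not being applied either.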
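--- a/image/apko/alpine-base-user-65532.yaml
+++ b/image/apko/alpine-base-user-65532.yaml
@@ -0,0 +1,20 @@
+contents:
+repositories:
+- https://dl-cdn.alpinelinux.org/alpine/edge/main
+packages:
+- alpine-base
+
+entrypoint:
+command: /bin/sh -l
+
+accounts:
+groups:
+- groupname: "65532"
+gid: 65532
+users:
+- username: "65532"
+uid: 65532
+run-as: "65532"
+
+environment:
+PATH: /usr/sbin:/sbin:/usr/bin:/bin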
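Review bot: `repositories` points at `alpine/edge/main`, the rolling development branch, and no package versions are pinned, so two builds of this config can produce different images and pick up packages that have not been through a stable release. For a base image that is meant to be reproducible, a release branch such as `https://dl-cdn.alpinelinux.org/alpine/v<release>/main` (release number is a placeholder) with pinned package versions would be the safer choice. `alpine-base` is also Alpine's meta-package for the whole base system (busybox, apk-tools and init tooling among others); if the image only has to supply user 65532 for a static binary, a smaller package set would reduce what has to be patched.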