diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 354bde9b1b..0fed8c1cef 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,6 +27,9 @@ concurrency: group: ${{ github.ref_name }}-ci cancel-in-progress: true +env: + platforms: "linux/arm64, linux/amd64" + jobs: vars: @@ -36,19 +39,22 @@ jobs: sha: ${{ steps.vars.outputs.sha }} version: ${{ steps.vars.outputs.version }} date: ${{ steps.vars.outputs.date }} + go_path: ${{ steps.vars.outputs.go_path }} steps: - name: Checkout Repository uses: actions/checkout@v3 + - name: Setup Golang Environment + uses: actions/setup-go@v3 + with: + go-version-file: go.mod + cache: true - name: Output Variables id: vars run: | echo "::set-output name=sha::$(echo ${GITHUB_SHA} | cut -c1-7)" echo "::set-output name=version::$(grep "VERSION = " Makefile | cut -d " " -f 3)" echo "::set-output name=date::$(date -u +"%Y-%m-%dT%H:%M:%SZ")" - - name: Setup Golang Environment - uses: actions/setup-go@v3 - with: - go-version-file: go.mod + echo "::set-output name=go_path::$(go env GOPATH)" - name: Check if CRDs changed run: | make update-crds && git diff --name-only --exit-code deploy/manifests/crds/* @@ -64,6 +70,7 @@ jobs: uses: actions/setup-go@v3 with: go-version-file: go.mod + cache: true - name: Run Tests run: make unit-test - name: Upload Coverage Report 
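Review bot: The added `go_path` output in the `Output Variables` step of the `vars` job is written with `::set-output`, the stdout workflow command GitHub has deprecated in favour of the `$GITHUB_OUTPUT` file, because text a step prints to the log can be interpreted as a command. The new line can be written as `echo "go_path=$(go env GOPATH)" >> "$GITHUB_OUTPUT"`. The existing `sha`, `version` and `date` lines in the same `run` block would move the same way. The `version` value is read from the Makefile with grep, so it is the output most worth taking off the command channel.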
@@ -94,16 +101,33 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@v3 + with: + fetch-depth: 0 - name: Setup Golang Environment uses: actions/setup-go@v3 with: go-version-file: go.mod - - name: Build Binary - run: make build + cache: true + + - name: Download Syft + uses: anchore/sbom-action/download-syft@v0.11.0 + + - name: Build binary + uses: goreleaser/goreleaser-action@v3 + with: + version: latest + args: ${{ startsWith(github.ref, 'refs/tags/') && 'release' || 'build --snapshot' }} --rm-dist + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GOPATH: ${{ needs.vars.outputs.go_path }} + AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }} + AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }} + AZURE_BUCKET_NAME: ${{ secrets.AZURE_BUCKET_NAME }} + - name: Cache Artifacts uses: actions/cache@v3 with: - path: ${{ github.workspace }}/build/.out/gateway + path: ${{ github.workspace }}/dist key: nginx-kubernetes-gateway-${{ github.run_id }}-${{ github.run_number }} build: @@ -116,10 +140,14 @@ jobs: - name: Fetch Cached Artifacts uses: actions/cache@v3 with: - path: ${{ github.workspace }}/build/.out/gateway + path: ${{ github.workspace }}/dist key: nginx-kubernetes-gateway-${{ github.run_id }}-${{ github.run_number }} - name: Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 - name: Login to GitHub Container Registry uses: docker/login-action@v2 if: ${{ startsWith(github.ref, 'refs/tags') }} 
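Review bot: The `Build binary` step hands `GITHUB_TOKEN` and `AZURE_STORAGE_KEY` to code that is not pinned: `goreleaser/goreleaser-action@v3` and `anchore/sbom-action/download-syft@v0.11.0` are referenced by movable tags, and `version: latest` lets the goreleaser release change between runs. Pinning each reference to a full commit SHA, as in `uses: goreleaser/goreleaser-action@<full-commit-sha> # v3`, and setting `version: <pinned-goreleaser-version>` keeps a retagged action or a new upstream release from running with those credentials. The same applies to `docker/setup-qemu-action@v2` added in the next hunk. The Azure secrets are also exported on the `build --snapshot` path, where the `blobs` upload presumably does not run, so they could be limited to tag builds. The `permissions` granted to `GITHUB_TOKEN` for this job are outside the hunk and should be no wider than the release needs.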
@@ -138,17 +166,16 @@ jobs: type=edge type=ref,event=pr type=ref,event=branch,enable=${{ startsWith(github.ref, 'refs/heads/release') }} - flavor: | - latest=true - - name: Build Image Debian + - name: Build Docker Image uses: docker/build-push-action@v3 with: file: build/Dockerfile context: '.' - target: local + target: goreleaser tags: ${{ steps.meta.outputs.tags }} load: ${{ !startsWith(github.ref, 'refs/tags') }} push: ${{ startsWith(github.ref, 'refs/tags') }} + platforms: ${{ startsWith(github.ref, 'refs/tags') && env.platforms || '' }} cache-from: type=gha cache-to: type=gha,mode=max build-args: | diff --git a/.gitignore b/.gitignore index 6299d5ced9..596e428485 100644 --- a/.gitignore +++ b/.gitignore @@ -25,6 +25,7 @@ cover.html # Binary and Artifacts build/.out +dist/ # Node modules node_modules/ diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 0000000000..31d23676a4 --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,39 @@ +env: + - CGO_ENABLED=0 + +builds: + - id: gateway + goos: + - linux + goarch: + - amd64 + - arm64 + flags: + - -trimpath + gcflags: + - all=-trimpath={{.Env.GOPATH}} + asmflags: + - all=-trimpath={{.Env.GOPATH}} + main: ./cmd/gateway/ + binary: gateway + +changelog: + skip: true + +checksum: + name_template: 'checksums.txt' + +archives: + - id: gateway + +sboms: + - artifacts: archive + +release: + ids: [gateway] + +blobs: + - provider: azblob + bucket: '{{.Env.AZURE_BUCKET_NAME}}' + extra_files: + - glob: ./dist/**.sbom diff --git a/build/Dockerfile b/build/Dockerfile index b2086e60f5..5d37f97c45 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,3 +1,4 @@ +# syntax=docker/dockerfile:1.4 FROM golang:1.19 as builder ARG VERSION ARG GIT_COMMIT 
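Review bot: The arm64 image is built for the first time on a tag push, because `platforms` in `Build Docker Image` resolves to an empty string on every other ref and the build then covers only the runner's architecture. A broken arm64 path (the QEMU setup, or the `dist/gateway_linux_$TARGETARCH*` copy in the Dockerfile) would therefore surface during a release rather than on a pull request. With the default docker exporter `load: true` cannot take a multi-platform result, so a second step with `platforms: ${{ env.platforms }}` and neither `load` nor `push` would exercise it earlier. At minimum a comment such as `# multi-arch only on tags: load cannot import a multi-platform image` would record why the expression is there.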
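Review bot: Nothing in the new `.goreleaser.yml` signs what it publishes: there is a `checksum` section and an `sboms` section but no `signs` section. The release archives and the `.sbom` files uploaded through `blobs` can therefore only be checked against a `checksums.txt` served from the same place. Adding `signs:` with `- artifacts: checksum` would cover the archives through the checksum file. The signing key or keyless setup that needs is not visible on this page and would have to be provisioned in the workflow.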
@@ -24,6 +25,11 @@ FROM capabilizer as container-capabilizer COPY --from=builder /go/src/github.com/nginxinc/nginx-kubernetes-gateway/cmd/gateway/gateway /usr/bin/ RUN setcap 'cap_kill=+ep' /usr/bin/gateway +FROM capabilizer as goreleaser-capabilizer +ARG TARGETARCH +COPY dist/gateway_linux_$TARGETARCH*/gateway /usr/bin/ +RUN setcap 'cap_kill=+ep' /usr/bin/gateway + FROM scratch as common USER 1001:1001 ENTRYPOINT [ "/usr/bin/gateway" ] @@ -33,3 +39,6 @@ COPY --from=container-capabilizer /usr/bin/gateway /usr/bin/ FROM common as local COPY --from=local-capabilizer /usr/bin/gateway /usr/bin/ + +FROM common as goreleaser +COPY --from=goreleaser-capabilizer /usr/bin/gateway /usr/bin/
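Review bot: The wildcard in `COPY dist/gateway_linux_$TARGETARCH*/gateway /usr/bin/` can match more than one directory, and COPY then takes every match without complaint, so whichever `gateway` is copied last ends up in the image. Presumably the `*` absorbs the suffix goreleaser appends to the amd64 output directory, but it would also match additional amd64 variants or, for a 32-bit `arm` target, the `arm64` directory. With goreleaser left at `version: latest` in the workflow, the directory naming is not fixed either. A comment above the line, `# dist/ is produced by goreleaser; the glob must match exactly one directory per TARGETARCH`, would make the assumption explicit. The base `capabilizer` stage is defined outside this hunk.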