diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 19b0b07dd..9f0f657c6 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -86,7 +86,7 @@ jobs: push-image: if: github.event_name == 'release' && github.event.action== 'published' - name: Push Docker image to GitHub Packages + name: Push OCI images to GitHub Packages runs-on: ubuntu-latest strategy: matrix: 
@@ -95,72 +95,89 @@ jobs: steps: - name: Check out the repo uses: actions/checkout@v2 - - name: Log in to GitHub Docker Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build zot container image - uses: docker/build-push-action@v2 + - name: Build and push zot container image + uses: project-stacker/stacker-build-push-action@main with: + file: 'stacker.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }} - push: true - file: Dockerfile - tags: | - ghcr.io/${{ github.repository }}-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} - ghcr.io/${{ github.repository }}-${{ matrix.os }}-${{ matrix.arch }}:latest - - name: Build zot-minimal container image - uses: docker/build-push-action@v2 + REPO_NAME=zot-${{ matrix.os }}-${{ matrix.arch }} + url: docker://ghcr.io/${{ github.repository_owner }} + tags: ${{ github.event.release.tag_name }} latest + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Run zot container image + run: | + docker run docker://ghcr.io/${{ github.repository_owner }}/zot-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} + - name: Build and push zot-minimal container image + uses: project-stacker/stacker-build-push-action@main with: + file: 'stacker.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }} - push: true - file: Dockerfile-minimal - tags: | - ghcr.io/${{ github.repository }}-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} - ghcr.io/${{ github.repository }}-minimal-${{ matrix.os }}-${{ matrix.arch }}:latest - - name: Build zot-exporter container image - uses: docker/build-push-action@v2 + EXT=-minimal + REPO_NAME=zot-minimal-${{ matrix.os }}-${{ matrix.arch }} + url: docker://ghcr.io/${{ 
github.repository_owner }} + tags: ${{ github.event.release.tag_name }} latest + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Run zot-minimal container image + run: | + docker run docker://ghcr.io/${{ github.repository_owner }}/zot-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} + - name: Build and push zot-exporter container image + uses: project-stacker/stacker-build-push-action@main with: + file: 'stacker-zxp.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }} - push: true - file: Dockerfile-zxp - tags: | - ghcr.io/${{ github.repository }}-zxp-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} - ghcr.io/${{ github.repository }}-zxp-${{ matrix.os }}-${{ matrix.arch }}:latest - - name: Build zb container image - uses: docker/build-push-action@v2 + REPO_NAME=zxp-${{ matrix.os }}-${{ matrix.arch }} + url: docker://ghcr.io/${{ github.repository_owner }} + tags: ${{ github.event.release.tag_name }} latest + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Run zot-exporter container image + run: | + docker run docker://ghcr.io/${{ github.repository_owner }}/zxp-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} + - name: Build and push zb container image + uses: project-stacker/stacker-build-push-action@main with: + file: 'stacker-zb.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }} - push: true - file: Dockerfile-zb - tags: | - ghcr.io/${{ github.repository }}-zb-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} - ghcr.io/${{ github.repository }}-zb-${{ matrix.os }}-${{ matrix.arch }}:latest + REPO_NAME=zb-${{ matrix.os }}-${{ matrix.arch }} + url: docker://ghcr.io/${{ github.repository_owner }} + tags: ${{ github.event.release.tag_name }} latest + username: 
${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Run zb container image + run: | + docker run docker://ghcr.io/${{ github.repository_owner }}/zb-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: image-ref: 'ghcr.io/${{ github.repository }}-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}' format: 'sarif' output: 'trivy-results.sarif' + env: + TRIVY_USERNAME: ${{ github.actor }} + TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - name: Run Trivy vulnerability scanner (minimal) uses: aquasecurity/trivy-action@master with: image-ref: 'ghcr.io/${{ github.repository }}-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}' format: 'sarif' output: 'trivy-results.sarif' + env: + TRIVY_USERNAME: ${{ github.actor }} + TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1 with: diff --git a/.github/workflows/oci-conformance-action.yml b/.github/workflows/oci-conformance-action.yml index 03b44dada..fc279112b 100644 --- a/.github/workflows/oci-conformance-action.yml +++ b/.github/workflows/oci-conformance-action.yml 
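Review bot: All four new build steps use `project-stacker/stacker-build-push-action@main`, a mutable branch, and each passes `secrets.GITHUB_TOKEN` as `password` in the job that publishes release images, so whatever lands on that branch runs with the token at the next release. Pin each step to a reviewed commit, e.g. `uses: project-stacker/stacker-build-push-action@<full-commit-sha>`, and consider a job-level `permissions:` block limited to `contents: read` and `packages: write` (the job header is only partly visible here, so one may already exist). Separately, the new `docker run docker://ghcr.io/...` steps pass a `docker://` transport prefix that the Docker CLI is likely to reject as an image reference. Even with a valid reference, a foreground `docker run` of an image whose command is `serve` would not return, so a detached run with a bounded health check would be a safer smoke test.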
@@ -18,25 +18,19 @@ jobs: runs-on: ubuntu-latest # Steps represent a sequence of tasks that will be executed as part of the job steps: - - name: setup docker - uses: docker-practice/actions-setup-docker@0.0.1 - with: - docker_version: 18.09 - docker_channel: stable - - name: checkout this PR - uses: actions/checkout@v2 + - name: Install go 1.17 + uses: actions/setup-go@v2 with: - ref: ${{ github.event.pull_request.head.sha }} - path: zot - repository: project-zot/zot - - name: start zot server + go-version: 1.17.x + - name: Checkout this PR + uses: actions/checkout@v2 + - name: Start zot server run: | - cd ./zot + cd $GITHUB_WORKSPACE + make binary + RUNNER_TRACKING_ID="" && ./bin/zot-linux-amd64 serve examples/config-conformance.json & IP=`hostname -I | awk '{print $1}'` - echo "SERVER_URL=http://${IP}:5000" >> $GITHUB_ENV - IMAGE_REF="local-zot:v$(date +%Y%m%d%H%M%S)" - docker build -f ./Dockerfile-conformance -t "${IMAGE_REF}" . - docker run --rm -p 5000:5000 -v "$(pwd)":/go/src/github.com/project-zot/zot -idt "${IMAGE_REF}" + echo "SERVER_URL=http://${IP}:8080" >> $GITHUB_ENV - name: Run OCI Distribution Spec conformance tests uses: opencontainers/distribution-spec@main env: diff --git a/examples/config-conformance.json b/examples/config-conformance.json index 71e2ea612..104c49b7e 100644 --- a/examples/config-conformance.json +++ b/examples/config-conformance.json @@ -6,7 +6,7 @@ "dedupe": false }, "http": { - "address":"127.0.0.1", + "address":"0.0.0.0", "port":"8080" }, "log":{ diff --git a/stacker-conformance.yaml b/stacker-conformance.yaml new file mode 100644 index 000000000..0c259801a --- /dev/null +++ b/stacker-conformance.yaml 
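Review bot: The `Start zot server` step backgrounds `./bin/zot-linux-amd64 serve examples/config-conformance.json &` and then finishes without checking that anything is listening on port 8080. A server that dies at start-up (bad config, port already in use) would only surface later as confusing conformance-test failures. After the `IP=` line, add a bounded wait such as `timeout 30 bash -c "until curl -sf http://${IP}:8080/v2/ >/dev/null; do sleep 1; done"` so the step itself fails. This assumes the conformance config serves `/v2/` without authentication, which the hunk does not show.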
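Review bot: Changing `"address"` to `0.0.0.0` makes this example listen on every interface, and the hunk shows no TLS or authentication settings (the rest of the file is outside it). Anyone reusing the example outside CI would get a registry reachable from the network. The workflow presumably needs the wider bind because `SERVER_URL` is built from the runner's IP. Keeping `"address":"127.0.0.1"` here and having the workflow serve a patched copy, e.g. `sed 's/127.0.0.1/0.0.0.0/' examples/config-conformance.json > /tmp/config-conformance.json`, would confine the exposure to the runner. Failing that, the project documentation should state that this file is meant for CI use only.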
@@ -0,0 +1,57 @@ +build: + from: + type: docker + url: docker://ghcr.io/project-zot/golang:1.17 + binds: + - . -> /zotcopy + run: | + export GO111MODULE=on + export GOPATH='/go' + export HOME='/root' + export PATH='/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' + go get -u github.com/swaggo/swag/cmd/swag + mkdir -p /go/src/github.com/project-zot + cd /go/src/github.com/project-zot + git clone /zotcopy zot + cd /go/src/github.com/project-zot/zot + make COMMIT=${{COMMIT}} OS=${{OS}} ARCH=${{ARCH}} binary + cat > config.json << EOF + { + "storage":{ + "rootDirectory":"/var/lib/registry", + "gc": false, + "dedupe": false + }, + "http":{ + "address":"0.0.0.0", + "port":"5000" + }, + "log":{ + "level":"debug" + } + } + EOF + + cat config.json + build_only: true + +"${{REPO_NAME:zot}}": + from: + type: docker + url: docker://centos:latest + import: + - stacker://build/go/src/github.com/project-zot/zot/bin/zot-${{OS}}-${{ARCH}} + - stacker://build/go/src/github.com/project-zot/zot/config.json + - stacker://build/etc/ssl/certs/ca-certificates.crt + run: | + cp /stacker/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt + cp /stacker/zot-${{OS}}-${{ARCH}} /usr/bin/zot + mkdir -p /etc/zot + cp /stacker/config.json /etc/zot/config.json + entrypoint: + - /usr/bin/zot + volumes: + - /var/lib/registry + cmd: + - serve + - /etc/zot/config.json diff --git a/stacker-zb.yaml b/stacker-zb.yaml new file mode 100644 index 000000000..4fa6ebfdd --- /dev/null +++ b/stacker-zb.yaml 
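Review bot: Both layers start from mutable references, `docker://ghcr.io/project-zot/golang:1.17` for the build and `docker://centos:latest` for the final image. The build script also runs `go get -u github.com/swaggo/swag/cmd/swag`, which fetches whatever swag and its dependencies resolve to at build time, so two builds of the same commit can produce different images. Pin the bases by digest, e.g. `url: docker://centos@sha256:<digest>`, and the tool by version, e.g. `go install github.com/swaggo/swag/cmd/swag@<version>`. The same base-image references appear in the new stacker-zb.yaml and stacker-zxp.yaml and in stacker.yaml.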
@@ -0,0 +1,28 @@ +build: + from: + type: docker + url: docker://ghcr.io/project-zot/golang:1.17 + binds: + - . -> /zotcopy + run: | + export GO111MODULE=on + export GOPATH='/go' + export HOME='/root' + export PATH='/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' + mkdir -p /go/src/github.com/project-zot + cd /go/src/github.com/project-zot + git clone /zotcopy zot + cd /go/src/github.com/project-zot/zot + make COMMIT=${{COMMIT}} OS=${{OS}} ARCH=${{ARCH}} clean bench + build_only: true + +"${{REPO_NAME:zb}}": + from: + type: docker + url: docker://centos:latest + import: + - stacker://build/go/src/github.com/project-zot/zot/bin/zb-${{OS}}-${{ARCH}} + run: | + cp /stacker/zb-${{OS}}-${{ARCH}} /usr/bin/zb + entrypoint: + - /usr/bin/zb diff --git a/stacker-zxp.yaml b/stacker-zxp.yaml new file mode 100644 index 000000000..e0d4e71a6 --- /dev/null +++ b/stacker-zxp.yaml 
@@ -0,0 +1,52 @@ +build: + from: + type: docker + url: docker://ghcr.io/project-zot/golang:1.17 + binds: + - . -> /zotcopy + run: | + export GO111MODULE=on + export GOPATH='/go' + export HOME='/root' + export PATH='/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' + mkdir -p /go/src/github.com/project-zot + cd /go/src/github.com/project-zot + git clone /zotcopy zot + cd /go/src/github.com/project-zot/zot + make COMMIT=${{COMMIT}} OS=${{OS}} ARCH=${{ARCH}} clean exporter-minimal + + cat > config.json << EOF + { + "Server":{ + "protocol":"http", + "host": "127.0.0.1", + "port": "5000" + }, + "Exporter":{ + "port":"5001", + "log":{ + "level":"debug" + } + } + } + EOF + + cat config.json + build_only: true + +"${{REPO_NAME:zxp}}": + from: + type: docker + url: docker://centos:latest + import: + - stacker://build/go/src/github.com/project-zot/zot/bin/zxp-${{OS}}-${{ARCH}} + - stacker://build/go/src/github.com/project-zot/zot/config.json + run: | + cp /stacker/zxp-${{OS}}-${{ARCH}} /usr/bin/zxp + mkdir -p /etc/zxp + cp /stacker/config.json /etc/zxp/config.json + entrypoint: + - /usr/bin/zxp + cmd: + - config + - /etc/zxp/config.json diff --git a/stacker.yaml b/stacker.yaml index ca2f9c145..d5f8b87db 100644 --- a/stacker.yaml +++ b/stacker.yaml @@ -3,7 +3,7 @@ build: type: docker url: docker://ghcr.io/project-zot/golang:1.17 binds: - - ${{PWD}} -> /zotcopy + - . -> /zotcopy run: | export GO111MODULE=on export GOPATH='/go' 
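Review bot: The config baked into the zxp image points `"Server"` at `127.0.0.1:5000`, which inside the zxp container is that container's own loopback. Unless zxp shares a network namespace with zot (a sidecar, or host networking), the default `cmd` will presumably have no server to reach. A comment above the `run:` key would make the assumption explicit: `# default config assumes zot is reachable on this container's loopback (shared network namespace); mount a different /etc/zxp/config.json otherwise`.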
@@ -14,14 +14,43 @@ build: cd /go/src/github.com/project-zot git clone /zotcopy zot cd /go/src/github.com/project-zot/zot - make binary + make COMMIT=${{COMMIT}} OS=${{OS}} ARCH=${{ARCH}} binary${{EXT:}} + cat > config.json << EOF + { + "storage":{ + "rootDirectory":"/var/lib/registry" + }, + "http":{ + "address":"0.0.0.0", + "port":"5000" + }, + "log":{ + "level":"debug" + } + } + EOF + + cat config.json build_only: true -zot: +"${{REPO_NAME:zot}}": from: type: docker url: docker://centos:latest import: - - ${{PWD}}/bin/zot + - stacker://build/go/src/github.com/project-zot/zot/bin/zot-${{OS}}-${{ARCH}}${{EXT:}} + - stacker://build/go/src/github.com/project-zot/zot/config.json + - stacker://build/etc/ssl/certs/ca-certificates.crt run: | - cp /stacker/zot /usr/bin/zot + cp /stacker/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt + cp /stacker/zot-${{OS}}-${{ARCH}}${{EXT:}} /usr/bin/zot + mkdir -p /etc/zot + cp /stacker/config.json /etc/zot/config.json + entrypoint: + - /usr/bin/zot + volumes: + - /var/lib/registry + cmd: + - serve + - /etc/zot/config.json +
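Review bot: The default `/etc/zot/config.json` written into the published image binds `0.0.0.0:5000` with only `storage`, `http` and `log` sections, so there is no TLS or authentication, and it sets `"level":"debug"`. As written, a container started with the image's default `cmd` would serve unauthenticated plain HTTP to anyone who can reach the port. If that is the intended quick-start default, say so in a shell comment on the line before `cat > config.json << EOF`, e.g. `# demo defaults: plain HTTP, no auth; mount your own /etc/zot/config.json for anything reachable by others`. Also consider `"level":"info"` for release images. The `build` layer's `run:` script starts above this hunk.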