diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 19b0b07dd..d554241f9 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -86,7 +86,7 @@ jobs: push-image: if: github.event_name == 'release' && github.event.action== 'published' - name: Push Docker image to GitHub Packages + name: Push OCI images to GitHub Packages runs-on: ubuntu-latest strategy: matrix: 
@@ -95,72 +95,76 @@ jobs: steps: - name: Check out the repo uses: actions/checkout@v2 - - name: Log in to GitHub Docker Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build zot container image - uses: docker/build-push-action@v2 + - name: Build and push zot container image + uses: project-stacker/stacker-build-push-action@main with: + file: 'stacker.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }} - push: true - file: Dockerfile - tags: | - ghcr.io/${{ github.repository }}-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} - ghcr.io/${{ github.repository }}-${{ matrix.os }}-${{ matrix.arch }}:latest - - name: Build zot-minimal container image - uses: docker/build-push-action@v2 + REPO_NAME=zot-${{ matrix.os }}-${{ matrix.arch }} + url: docker://ghcr.io/${{ github.repository_owner }} + tags: ${{ github.event.release.tag_name }} latest + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push zot-minimal container image + uses: project-stacker/stacker-build-push-action@main with: + file: 'stacker.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} - OS=${{ matrix.os }} - ARCH=${{ matrix.arch }} - push: true - file: Dockerfile-minimal - tags: | - ghcr.io/${{ github.repository }}-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} - ghcr.io/${{ github.repository }}-minimal-${{ matrix.os }}-${{ matrix.arch }}:latest - - name: Build zot-exporter container image - uses: docker/build-push-action@v2 + OS=${{ matrix.os }} ARCH=${{ matrix.arch }} + EXT=-minimal + REPO_NAME=zot-minimal-${{ matrix.os }}-${{ matrix.arch }} + url: docker://ghcr.io/${{ github.repository_owner }} + tags: ${{ github.event.release.tag_name }} latest + username: ${{ github.actor }} + password: ${{ 
secrets.GITHUB_TOKEN }} + - name: Build and push zot-exporter container image + uses: project-stacker/stacker-build-push-action@main with: + file: 'stacker-zxp.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }} - push: true - file: Dockerfile-zxp - tags: | - ghcr.io/${{ github.repository }}-zxp-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} - ghcr.io/${{ github.repository }}-zxp-${{ matrix.os }}-${{ matrix.arch }}:latest - - name: Build zb container image - uses: docker/build-push-action@v2 + REPO_NAME=zxp-${{ matrix.os }}-${{ matrix.arch }} + url: docker://ghcr.io/${{ github.repository_owner }} + tags: ${{ github.event.release.tag_name }} latest + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push zb container image + uses: project-stacker/stacker-build-push-action@main with: + file: 'stacker-zb.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }} - push: true - file: Dockerfile-zb - tags: | - ghcr.io/${{ github.repository }}-zb-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} - ghcr.io/${{ github.repository }}-zb-${{ matrix.os }}-${{ matrix.arch }}:latest + REPO_NAME=zb-${{ matrix.os }}-${{ matrix.arch }} + url: docker://ghcr.io/${{ github.repository_owner }} + tags: ${{ github.event.release.tag_name }} latest + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: image-ref: 'ghcr.io/${{ github.repository }}-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}' format: 'sarif' output: 'trivy-results.sarif' + env: + TRIVY_USERNAME: ${{ github.actor }} + TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - name: Run Trivy vulnerability scanner (minimal) uses: aquasecurity/trivy-action@master with: image-ref: 
'ghcr.io/${{ github.repository }}-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}'
 format: 'sarif'
 output: 'trivy-results.sarif'
+ env:
+ TRIVY_USERNAME: ${{ github.actor }}
+ TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v1
 with:
diff --git a/stacker-zb.yaml b/stacker-zb.yaml
new file mode 100644
index 000000000..4fa6ebfdd
--- /dev/null
+++ b/stacker-zb.yaml
@@ -0,0 +1,28 @@
+build:
+ from:
+ type: docker
+ url: docker://ghcr.io/project-zot/golang:1.17
+ binds:
+ - . -> /zotcopy
+ run: |
+ export GO111MODULE=on
+ export GOPATH='/go'
+ export HOME='/root'
+ export PATH='/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+ mkdir -p /go/src/github.com/project-zot
+ cd /go/src/github.com/project-zot
+ git clone /zotcopy zot
+ cd /go/src/github.com/project-zot/zot
+ make COMMIT=${{COMMIT}} OS=${{OS}} ARCH=${{ARCH}} clean bench
+ build_only: true
+
+"${{REPO_NAME:zb}}":
+ from:
+ type: docker
+ url: docker://centos:latest
+ import:
+ - stacker://build/go/src/github.com/project-zot/zot/bin/zb-${{OS}}-${{ARCH}}
+ run: |
+ cp /stacker/zb-${{OS}}-${{ARCH}} /usr/bin/zb
+ entrypoint:
+ - /usr/bin/zb
diff --git a/stacker-zxp.yaml b/stacker-zxp.yaml
new file mode 100644
index 000000000..e0d4e71a6
--- /dev/null
+++ b/stacker-zxp.yaml
@@ -0,0 +1,52 @@
+build:
+ from:
+ type: docker
+ url: docker://ghcr.io/project-zot/golang:1.17
+ binds:
+ - . -> /zotcopy
+ run: |
+ export GO111MODULE=on
+ export GOPATH='/go'
+ export HOME='/root'
+ export PATH='/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+ mkdir -p /go/src/github.com/project-zot
+ cd /go/src/github.com/project-zot
+ git clone /zotcopy zot
+ cd /go/src/github.com/project-zot/zot
+ make COMMIT=${{COMMIT}} OS=${{OS}} ARCH=${{ARCH}} clean exporter-minimal
+
+ cat > config.json << EOF
+ {
+ "Server":{
+ "protocol":"http",
+ "host": "127.0.0.1",
+ "port": "5000"
+ },
+ "Exporter":{
+ "port":"5001",
+ "log":{
+ "level":"debug"
+ }
+ }
+ }
+ EOF
+
+ cat config.json
+ build_only: true
+
+"${{REPO_NAME:zxp}}":
+ from:
+ type: docker
+ url: docker://centos:latest
+ import:
+ - stacker://build/go/src/github.com/project-zot/zot/bin/zxp-${{OS}}-${{ARCH}}
+ - stacker://build/go/src/github.com/project-zot/zot/config.json
+ run: |
+ cp /stacker/zxp-${{OS}}-${{ARCH}} /usr/bin/zxp
+ mkdir -p /etc/zxp
+ cp /stacker/config.json /etc/zxp/config.json
+ entrypoint:
+ - /usr/bin/zxp
+ cmd:
+ - config
+ - /etc/zxp/config.json
diff --git a/stacker.yaml b/stacker.yaml
index ca2f9c145..d5f8b87db 100644
--- a/stacker.yaml
+++ b/stacker.yaml
@@ -3,7 +3,7 @@ build:
 type: docker
 url: docker://ghcr.io/project-zot/golang:1.17
 binds:
- - ${{PWD}} -> /zotcopy
+ - . -> /zotcopy
 run: |
 export GO111MODULE=on
 export GOPATH='/go'
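Review bot: In the zot-minimal step the new build-args block collapses `OS=${{ matrix.os }} ARCH=${{ matrix.arch }}` onto one line (the old two lines are removed and a single line is added), while the other three steps keep them as separate `KEY=VALUE` lines; if the action splits build-args on newlines, as the other steps assume, OS receives the whole `linux ARCH=amd64`-shaped string and ARCH is never set, so the `zot-${{OS}}-${{ARCH}}-minimal` import path in stacker.yaml cannot resolve. Split it back into `OS=${{ matrix.os }}` and `ARCH=${{ matrix.arch }}` on separate lines as in the other steps. Separately, all four new steps reference `project-stacker/stacker-build-push-action@main` and hand it `secrets.GITHUB_TOKEN` as the `password` input that pushes to ghcr.io; a mutable branch ref means any later change on that branch runs with that token in this release job, so pin to a full commit SHA, e.g. `uses: project-stacker/stacker-build-push-action@<full-commit-sha>  # <version placeholder>`. The pre-existing `aquasecurity/trivy-action@master` reference has the same property and now also receives the token via `TRIVY_PASSWORD`, so it deserves the same pin.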
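Review bot: The runtime layer is built from `docker://centos:latest` with no digest, and the build layer from `ghcr.io/project-zot/golang:1.17` by tag only, so two builds of the same release tag can yield different images and `centos:latest` can silently move to a different major release underneath the zb binary; pin both by digest, e.g. `url: docker://centos@sha256:<digest placeholder>`, and bump deliberately. The same applies to the two `from` stanzas in stacker-zxp.yaml and to the stacker.yaml hunk in this commit. Note also that `git clone /zotcopy zot` builds only the committed content of the bound checkout, so uncommitted files in the workspace never reach the image; a comment above that line, `# clone rather than copy: only committed files are built`, would save the next maintainer a puzzled local build.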
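Review bot: The config.json written by the heredoc in the build stage ships inside the zxp image with `"level":"debug"` and a scrape target of `"host": "127.0.0.1"` on port `"5000"`; debug is an unusually verbose default for a released image, and the localhost target only works when the exporter shares a network namespace with zot, which nothing in the file states. Consider `"level":"info"` as the baked-in default and a comment above `cat > config.json << EOF` along the lines of `# default config assumes zot is reachable on localhost:5000 (same pod/network namespace); override via cmd`. The `cat config.json` after the heredoc echoes the whole file into the build log, harmless for this content but a habit worth dropping before a credential or token ever lands in that file.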
@@ -14,14 +14,43 @@ build: cd /go/src/github.com/project-zot git clone /zotcopy zot cd /go/src/github.com/project-zot/zot - make binary + make COMMIT=${{COMMIT}} OS=${{OS}} ARCH=${{ARCH}} binary${{EXT:}} + cat > config.json << EOF + { + "storage":{ + "rootDirectory":"/var/lib/registry" + }, + "http":{ + "address":"0.0.0.0", + "port":"5000" + }, + "log":{ + "level":"debug" + } + } + EOF + + cat config.json build_only: true -zot: +"${{REPO_NAME:zot}}": from: type: docker url: docker://centos:latest import: - - ${{PWD}}/bin/zot + - stacker://build/go/src/github.com/project-zot/zot/bin/zot-${{OS}}-${{ARCH}}${{EXT:}} + - stacker://build/go/src/github.com/project-zot/zot/config.json + - stacker://build/etc/ssl/certs/ca-certificates.crt run: | - cp /stacker/zot /usr/bin/zot + cp /stacker/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt + cp /stacker/zot-${{OS}}-${{ARCH}}${{EXT:}} /usr/bin/zot + mkdir -p /etc/zot + cp /stacker/config.json /etc/zot/config.json + entrypoint: + - /usr/bin/zot + volumes: + - /var/lib/registry + cmd: + - serve + - /etc/zot/config.json +
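Review bot: The runtime image now takes its TLS trust store from the build stage (`stacker://build/etc/ssl/certs/ca-certificates.crt`, i.e. the golang image's bundle) and copies it over `/etc/ssl/certs/ca-certificates.crt` on the centos layer, so the bundle is frozen at build time and is not refreshed when the runtime base is rebuilt, and it differs from the bundle the distribution itself maintains. If the intent is only to make outbound TLS from zot work, installing the distribution's own CA package in the runtime `run:` block is easier to audit and keeps the store in step with the base image; at minimum the golang image should be pinned by digest so the copied bundle is reproducible. The embedded default config also sets `"level":"debug"` and listens on `"address":"0.0.0.0"` with no authentication section, which is fine as an overridable default but deserves a comment above the heredoc, `# default config only; production deployments must supply their own via cmd`.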