Merge pull request #37 from intelops/cli

Add Dockerfile for Cli
intelops · Jan 9, 2024 · 713d467 · 713d467
2 parents b5a6283 + 2759038
commit 713d467
Show file tree

Hide file tree

Showing 9 changed files with 240 additions and 7 deletions.
diff --git a/.github/workflows/quality-trace-cli-pr.yaml b/.github/workflows/quality-trace-cli-pr.yaml
@@ -0,0 +1,60 @@
+name: Quality-Trace-Cli Docker Image CI - PR
+
+on:
+  pull_request:
+    branches:
+      - 'main'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      REGISTRY: ghcr.io
+      GH_URL: https://github.com
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+        with:
+            fetch-depth: 0
+
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - uses: docker/setup-buildx-action@v1
+        name: Set up Docker Buildx
+
+      -
+        name: Set up Go environment
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21.1'
+
+      - 
+        name: Build cli
+        run: make dist/quality-trace
+        env:
+          GO111MODULE: on
+
+      -
+        name: Login to ghcr registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      -
+        name: Build and push on PR
+        uses: docker/build-push-action@v4
+        if: github.event_name == 'pull_request'
+        with:
+          context: .
+          file: ./dockerfiles/cli/Dockerfile
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ github.repository }}/cli:pr-${{ github.event.pull_request.number }}
+          build-args: |
+            "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}"
+ 
diff --git a/.github/workflows/quality-trace-cli-release.yaml b/.github/workflows/quality-trace-cli-release.yaml
@@ -0,0 +1,70 @@
+name: quality-trace-cli docker release
+on:
+  push:
+    tags:
+      - "v*.*.*"
+jobs:
+  push_to_registry:
+    name: Build and push Docker image github container registry.
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      id-token: write
+      contents: read
+      actions: read
+      security-events: write
+    env:
+      REGISTRY: ghcr.io
+      GH_URL: https://github.com
+    steps:
+      - name: Set environment variable
+        run: |
+          echo "RELEASE_VERSION=${GITHUB_REF:10}" >> $GITHUB_ENV
+
+      - name: Test environment variable
+        run: echo ${{ env.RELEASE_VERSION }}
+
+      - name: Check out GitHub repo
+        uses: actions/checkout@v3
+
+      - name: Build cli
+        run: make dist/quality-trace
+        env:
+          GO111MODULE: on
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build image and push to GitHub Container Registry
+        uses: docker/build-push-action@v4
+        with:
+          push: true
+          context: ./
+          file: ./dockerfiles/cli/Dockerfile
+          tags: ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ env.RELEASE_VERSION }}
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+      - name: Sign the images
+        run: |
+          cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ env.RELEASE_VERSION }}
+        env:
+          COSIGN_EXPERIMENTAL: 1
+
+      - name: Verify the pushed tags
+        run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ env.RELEASE_VERSION }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/quality-trace-cli-release.yaml@refs/tags/${{ env.RELEASE_VERSION }}  --certificate-oidc-issuer https://token.actions.githubusercontent.com
+        env:
+          COSIGN_EXPERIMENTAL: 1
+
+      - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          format: 'github'
+          output: 'dependency-results.sbom.json'
+          image-ref: '.'
+          github-pat: ${{ secrets.GITHUB_TOKEN }} # or ${{ secrets.github_pat_name }} if you're using a PAT
diff --git a/.github/workflows/quality-trace-cli.yaml b/.github/workflows/quality-trace-cli.yaml
@@ -0,0 +1,96 @@
+name: Quality-Trace Cli Docker Image
+
+on:
+  push:
+    paths-ignore:
+      - '**.md'
+      - 'charts/**'
+    branches:
+      - 'main'
+
+jobs:
+
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      id-token: write
+      contents: read
+      actions: read
+      security-events: write
+    env:
+      REGISTRY: ghcr.io
+      GH_URL: https://github.com
+    steps:
+      - name: Checkout GitHub Action
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set up Go environment
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21.1'
+
+      - name: Build cli
+        run: make dist/quality-trace
+        env:
+          GO111MODULE: on
+
+      - name: Docker metadata
+        id: metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}/cli
+          tags: |
+            type=raw,value=latest
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
+          flavor: |
+            latest=true
+            
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build image and push to GitHub Container Registry
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file:  ./dockerfiles/cli/Dockerfile
+          tags: |
+            ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ github.run_id }},
+            ${{ env.REGISTRY }}/${{ github.repository }}/cli:latest
+          labels: ${{ steps.metadata.outputs.labels }}
+
+          push: true
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+
+      - name: Sign the images
+        run: |
+          cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ github.run_id }}
+        env:
+          COSIGN_EXPERIMENTAL: 1
+
+      - name: Verify the pushed tags
+        run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ github.run_id }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/quality-trace-cli.yaml@refs/heads/main  --certificate-oidc-issuer https://token.actions.githubusercontent.com
+        env:
+          COSIGN_EXPERIMENTAL: 1
+
+      - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          format: 'github'
+          output: 'dependency-results.sbom.json'
+          image-ref: '.'
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/quality-trace-container-pr.yml b/.github/workflows/quality-trace-container-pr.yml
@@ -52,7 +52,7 @@ jobs:
         if: github.event_name == 'pull_request'
         with:
           context: .
-          file: ./Dockerfile
+          file: ./dockerfiles/server/Dockerfile
           push: true
           tags: ${{ env.REGISTRY }}/${{ github.repository }}:pr-${{ github.event.pull_request.number }}
           build-args: |

diff --git a/.github/workflows/quality-trace-container-release.yml b/.github/workflows/quality-trace-container-release.yml
@@ -39,7 +39,7 @@ jobs:
         with:
           push: true
           context: ./
-          file: ./Dockerfile
+          file: ./dockerfiles/server/Dockerfile
           tags: ${{ env.REGISTRY }}/${{ github.repository }}:${{ env.RELEASE_VERSION }}
       - name: Install cosign
         uses: sigstore/cosign-installer@main

diff --git a/.github/workflows/quality-trace-container.yaml b/.github/workflows/quality-trace-container.yaml
@@ -64,7 +64,7 @@ jobs:
         uses: docker/build-push-action@v4
         with:
           context: .
-          file:  ./Dockerfile
+          file:  ./dockerfiles/server/Dockerfile
           tags: |
             ${{ env.REGISTRY }}/${{ github.repository }}:${{ github.run_id }},
             ${{ env.REGISTRY }}/${{ github.repository }}:latest

diff --git a/dockerfiles/cli/Dockerfile b/dockerfiles/cli/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine
+
+WORKDIR /app
+
+COPY ./quality-trace /app/quality-trace
+
+# Adding /app folder on $PATH to allow users to call tracetest cli on docker
+ENV PATH="$PATH:/app"
+
+ENTRYPOINT ["/app/quality-trace"]
diff --git a/Dockerfile → dockerfiles/server/Dockerfile b/Dockerfile → dockerfiles/server/Dockerfile
@@ -4,9 +4,6 @@ WORKDIR /app
 
 COPY ./quality-trace-server /app/quality-trace-server
 
-# Adding /app folder on $PATH to allow users to call tracetest cli on docker
-ENV PATH="$PATH:/app"
-
 EXPOSE 11633/tcp
 
 ENTRYPOINT ["/app/quality-trace-server", "serve"]
diff --git a/makefile b/makefile
@@ -16,7 +16,7 @@ PROJECT_ROOT=${PWD}
 
 CLI_SRC_FILES := $(shell find cli -type f)
 dist/quality-trace: generate-cli $(CLI_SRC_FILES)
-	env GOOS=linux CGO_ENABLED=0 GO111MODULE=on /usr/local/go/bin/go build -o builds/quality-trace-server server/main.go
+	env GOOS=linux CGO_ENABLED=0 GO111MODULE=on go build -o quality-trace cli/main.go
 #	goreleaser build --single-target --clean --snapshot --id cli
 #	find ./dist -name 'tracetest' -exec cp {} ./dist \;