From dc4d57bd7fbfb33caaa1386a41f5098679578b04 Mon Sep 17 00:00:00 2001
From: Akash LM
Date: Tue, 2 Jan 2024 16:05:59 +0530
Subject: [PATCH 1/3] Add Dockerfile for Cli
---
 .github/workflows/quality-trace-cli-pr.yaml | 60 +++++++++++++++++++
 .../workflows/quality-trace-container-pr.yml | 2 +-
 .../quality-trace-container-release.yml | 2 +-
 .../workflows/quality-trace-container.yaml | 2 +-
 dockerfiles/cli/Dockerfile | 10 ++++
 Dockerfile => dockerfiles/server/Dockerfile | 0
 6 files changed, 73 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/quality-trace-cli-pr.yaml
 create mode 100644 dockerfiles/cli/Dockerfile
 rename Dockerfile => dockerfiles/server/Dockerfile (100%)
diff --git a/.github/workflows/quality-trace-cli-pr.yaml b/.github/workflows/quality-trace-cli-pr.yaml
new file mode 100644
index 000000000..8a8aa84c5
--- /dev/null
+++ b/.github/workflows/quality-trace-cli-pr.yaml
@@ -0,0 +1,60 @@ +name: Quality-Trace-Cli Docker Image CI - PR + +on: + pull_request: + branches: + - 'main' + +jobs: + build: + runs-on: ubuntu-latest + env: + REGISTRY: ghcr.io + GH_URL: https://github.com + steps: + - + name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - + name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - uses: docker/setup-buildx-action@v1 + name: Set up Docker Buildx + + - + name: Set up Go environment + uses: actions/setup-go@v4 + with: + go-version: '1.21.1' + + - + name: Build cli + run: make dist/quality-trace + env: + GO111MODULE: on + + - + name: Login to ghcr registry + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + + - + name: Build and push on PR + uses: docker/build-push-action@v4 + if: github.event_name == 'pull_request' + with: + context: . + file: ./dockerfiles/cli/Dockerfile + push: true + tags: ${{ env.REGISTRY }}/${{ github.repository }}/cli:pr-${{ github.event.pull_request.number }} + build-args: | + "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" + diff --git a/.github/workflows/quality-trace-container-pr.yml b/.github/workflows/quality-trace-container-pr.yml index c16f418b0..28306b1a5 100644 --- a/.github/workflows/quality-trace-container-pr.yml +++ b/.github/workflows/quality-trace-container-pr.yml @@ -52,7 +52,7 @@ jobs: if: github.event_name == 'pull_request' with: context: . - file: ./Dockerfile + file: ./dockerfiles/server/Dockerfile push: true tags: ${{ env.REGISTRY }}/${{ github.repository }}:pr-${{ github.event.pull_request.number }} build-args: | diff --git a/.github/workflows/quality-trace-container-release.yml b/.github/workflows/quality-trace-container-release.yml index 7c859b60e..b7558d1f1 100644 --- a/.github/workflows/quality-trace-container-release.yml +++ b/.github/workflows/quality-trace-container-release.yml 
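Review bot: The `build-args` entry at the end of the new quality-trace-cli-pr.yaml passes `GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}` into the image build, yet the dockerfiles/cli/Dockerfile added in this same patch declares no `ARG GITHUB_TOKEN`, so the token is handed to the build for no purpose. Build arguments that a Dockerfile does consume can end up in the image's history and metadata, so a credential should not travel that way; drop the two `build-args` lines, and if a later build stage needs a credential, pass it through the action's `secrets:` input instead. The job also logs in to ghcr.io and pushes without a `permissions:` block, so it relies on the repository's default token scope; stating `permissions:` with `contents: read` and `packages: write` on the `build` job would make the grant explicit and minimal.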
@@ -39,7 +39,7 @@ jobs: with: push: true context: ./ - file: ./Dockerfile + file: ./dockerfiles/server/Dockerfile tags: ${{ env.REGISTRY }}/${{ github.repository }}:${{ env.RELEASE_VERSION }} - name: Install cosign uses: sigstore/cosign-installer@main diff --git a/.github/workflows/quality-trace-container.yaml b/.github/workflows/quality-trace-container.yaml index fffb151e8..2e5d8feca 100644 --- a/.github/workflows/quality-trace-container.yaml +++ b/.github/workflows/quality-trace-container.yaml @@ -64,7 +64,7 @@ jobs: uses: docker/build-push-action@v4 with: context: . - file: ./Dockerfile + file: ./dockerfiles/server/Dockerfile tags: | ${{ env.REGISTRY }}/${{ github.repository }}:${{ github.run_id }}, ${{ env.REGISTRY }}/${{ github.repository }}:latest diff --git a/dockerfiles/cli/Dockerfile b/dockerfiles/cli/Dockerfile new file mode 100644 index 000000000..ead0f8c40 --- /dev/null +++ b/dockerfiles/cli/Dockerfile @@ -0,0 +1,10 @@ +FROM alpine + +WORKDIR /app + +COPY ./quality-trace /app/quality-trace + +# Adding /app folder on $PATH to allow users to call tracetest cli on docker +ENV PATH="$PATH:/app" + +ENTRYPOINT ["/app/quality-trace"] \ No newline at end of file diff --git a/Dockerfile b/dockerfiles/server/Dockerfile similarity index 100% rename from Dockerfile rename to dockerfiles/server/Dockerfile From c78b9ccee1713e41be1d1ea6fd62cb078354f3a6 Mon Sep 17 00:00:00 2001 From: Akash LM Date: Tue, 2 Jan 2024 16:16:14 +0530 Subject: [PATCH 2/3] updated makefile --- makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefile b/makefile index a8e7a337e..f355c61fc 100644 --- a/makefile +++ b/makefile 
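Review bot: `FROM alpine` in the new dockerfiles/cli/Dockerfile resolves to whatever `alpine:latest` is at build time, so a base-image change reaches the published CLI image without review and builds are not reproducible; pin a release tag, ideally with its digest, e.g. `FROM alpine:<version>@sha256:<digest>` (placeholders). The image has no `USER` instruction, so the CLI runs as root in the container; adding `RUN adduser -D app` and `USER app` before `ENTRYPOINT` would limit what the binary can touch on mounted volumes. The comment above `ENV PATH` still says "tracetest cli"; `# Put /app on PATH so the quality-trace CLI can be called by name` would match the binary that is copied.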
@@ -16,7 +16,7 @@ PROJECT_ROOT=${PWD} CLI_SRC_FILES := $(shell find cli -type f) dist/quality-trace: generate-cli $(CLI_SRC_FILES) - env GOOS=linux CGO_ENABLED=0 GO111MODULE=on /usr/local/go/bin/go build -o builds/quality-trace-server server/main.go + env GOOS=linux CGO_ENABLED=0 GO111MODULE=on go build -o quality-trace cli/main.go # goreleaser build --single-target --clean --snapshot --id cli # find ./dist -name 'tracetest' -exec cp {} ./dist \; From 2759038c349163d3d4520e6e38d19554daf1b240 Mon Sep 17 00:00:00 2001 From: Akash LM Date: Tue, 2 Jan 2024 19:57:09 +0530 Subject: [PATCH 3/3] Add github actions for cli build --- .../workflows/quality-trace-cli-release.yaml | 70 ++++++++++++++ .github/workflows/quality-trace-cli.yaml | 96 +++++++++++++++++++ dockerfiles/server/Dockerfile | 3 - 3 files changed, 166 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/quality-trace-cli-release.yaml create mode 100644 .github/workflows/quality-trace-cli.yaml diff --git a/.github/workflows/quality-trace-cli-release.yaml b/.github/workflows/quality-trace-cli-release.yaml new file mode 100644 index 000000000..da840b9db --- /dev/null +++ b/.github/workflows/quality-trace-cli-release.yaml 
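Review bot: The `dist/quality-trace` rule now writes its output to `quality-trace` in the repository root, so the file named by the target is never created and make re-runs the build on every invocation regardless of `$(CLI_SRC_FILES)`. Either rename the target to match the output, or build with `-o $@` and point the Dockerfile's `COPY ./quality-trace` at the dist path. Replacing `/usr/local/go/bin/go` with `go` means the compiler is whichever `go` comes first on PATH; the release workflow added later in this series calls this target without an `actions/setup-go` step, so its toolchain would be whatever the runner image ships, which is worth confirming as intended for release binaries.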
@@ -0,0 +1,70 @@
+name: quality-trace-cli docker release
+on:
+ push:
+ tags:
+ - "v*.*.*"
+jobs:
+ push_to_registry:
+ name: Build and push Docker image github container registry.
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ id-token: write
+ contents: read
+ actions: read
+ security-events: write
+ env:
+ REGISTRY: ghcr.io
+ GH_URL: https://github.com
+ steps:
+ - name: Set environment variable
+ run: |
+ echo "RELEASE_VERSION=${GITHUB_REF:10}" >> $GITHUB_ENV
+
+ - name: Test environment variable
+ run: echo ${{ env.RELEASE_VERSION }}
+
+ - name: Check out GitHub repo
+ uses: actions/checkout@v3
+
+ - name: Build cli
+ run: make dist/quality-trace
+ env:
+ GO111MODULE: on
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build image and push to GitHub Container Registry
+ uses: docker/build-push-action@v4
+ with:
+ push: true
+ context: ./
+ file: ./dockerfiles/cli/Dockerfile
+ tags: ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ env.RELEASE_VERSION }}
+
+ - name: Install cosign
+ uses: sigstore/cosign-installer@main
+ - name: Sign the images
+ run: |
+ cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ env.RELEASE_VERSION }}
+ env:
+ COSIGN_EXPERIMENTAL: 1
+
+ - name: Verify the pushed tags
+ run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ env.RELEASE_VERSION }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/quality-trace-cli-release.yaml@refs/tags/${{ env.RELEASE_VERSION }} --certificate-oidc-issuer https://token.actions.githubusercontent.com
+ env:
+ COSIGN_EXPERIMENTAL: 1
+
+ - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: 'fs'
+ format: 'github'
+ output: 'dependency-results.sbom.json'
+ image-ref: '.'
+ github-pat: ${{ secrets.GITHUB_TOKEN }} # or ${{ secrets.github_pat_name }} if you're using a PAT
diff --git a/.github/workflows/quality-trace-cli.yaml b/.github/workflows/quality-trace-cli.yaml
new file mode 100644
index 000000000..d675c10fa
--- /dev/null
+++ b/.github/workflows/quality-trace-cli.yaml
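Review bot: `sigstore/cosign-installer@main` and `aquasecurity/trivy-action@master` are branch references, so this release job, which holds `id-token: write` and `packages: write`, runs whatever those branches contain at the moment a tag is pushed. Pin each to a reviewed full commit SHA, e.g. `uses: sigstore/cosign-installer@<commit-sha> # <release tag>` (placeholders); the same two references appear in the new quality-trace-cli.yaml and need the same change. The `run:` lines also expand `${{ env.RELEASE_VERSION }}`, which is derived from the pushed tag name, into the script text before the shell sees it; reading the variable from the environment instead, as in `run: echo "$RELEASE_VERSION"`, keeps the ref name as data rather than as script.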
@@ -0,0 +1,96 @@
+name: Quality-Trace Cli Docker Image
+
+on:
+ push:
+ paths-ignore:
+ - '**.md'
+ - 'charts/**'
+ branches:
+ - 'main'
+
+jobs:
+
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ id-token: write
+ contents: read
+ actions: read
+ security-events: write
+ env:
+ REGISTRY: ghcr.io
+ GH_URL: https://github.com
+ steps:
+ - name: Checkout GitHub Action
+ uses: actions/checkout@v3
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Set up Go environment
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.21.1'
+
+ - name: Build cli
+ run: make dist/quality-trace
+ env:
+ GO111MODULE: on
+
+ - name: Docker metadata
+ id: metadata
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.REGISTRY }}/${{ github.repository }}/cli
+ tags: |
+ type=raw,value=latest
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
+ flavor: |
+ latest=true
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build image and push to GitHub Container Registry
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: ./dockerfiles/cli/Dockerfile + tags: | + ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ github.run_id }}, + ${{ env.REGISTRY }}/${{ github.repository }}/cli:latest + labels: ${{ steps.metadata.outputs.labels }} + + push: true + + - name: Install cosign + uses: sigstore/cosign-installer@main + + - name: Sign the images + run: | + cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ github.run_id }} + env: + COSIGN_EXPERIMENTAL: 1 + + - name: Verify the pushed tags + run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ github.run_id }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/quality-trace-cli.yaml@refs/heads/main --certificate-oidc-issuer https://token.actions.githubusercontent.com + env: + COSIGN_EXPERIMENTAL: 1 + + - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph + uses: aquasecurity/trivy-action@master + with: + scan-type: 'fs' + format: 'github' + output: 'dependency-results.sbom.json' + image-ref: '.' + github-pat: ${{ secrets.GITHUB_TOKEN }} diff --git a/dockerfiles/server/Dockerfile b/dockerfiles/server/Dockerfile index c7d28602c..2a6d4ab9f 100644 --- a/dockerfiles/server/Dockerfile +++ b/dockerfiles/server/Dockerfile @@ -4,9 +4,6 @@ WORKDIR /app COPY ./quality-trace-server /app/quality-trace-server -# Adding /app folder on $PATH to allow users to call tracetest cli on docker -ENV PATH="$PATH:/app" - EXPOSE 11633/tcp ENTRYPOINT ["/app/quality-trace-server", "serve"] \ No newline at end of file
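Review bot: `cosign sign` and `cosign verify` in quality-trace-cli.yaml address the image by the tag `cli:${{ github.run_id }}`, which is resolved in the registry at signing time rather than tied to what the build step produced. Give the build-push step `id: build` and sign the digest it reports, `cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/cli@${{ steps.build.outputs.digest }}`, with the verify step using the same reference; one signature on the digest then covers both the run-id and `latest` tags. The sign and verify steps in quality-trace-cli-release.yaml have the same shape. Separately, the `Docker metadata` step computes tag rules (including `{{sha}}`) that are never used, because the build step hard-codes its own `tags:` and takes only `labels` from it; either pass `${{ steps.metadata.outputs.tags }}` or remove the unused rules so the workflow states which tags are really published.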