Merge pull request #90 from Keyfactor/container

chore: Modify GitHub Actions workflow
Keyfactor · Oct 10, 2023 · 16471ec · 16471ec
2 parents 5636ae0 + fa294e6
commit 16471ec
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 31 deletions.
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
@@ -1,18 +1,10 @@
-name: Build and Release
+name: Build and Release Container
 on:
+  release:
+    types: [released]
   push:
     branches:
       - '*'
-  pull_request:
-    branches:
-      - 'release-*'
-    types:
-      # action should run when the pull request is closed
-      # (regardless of whether it was merged or just closed)
-      - closed
-      # Make sure the action runs every time new commits are
-      # pushed to the pull request's branch
-      - synchronize
 
 env:
   REGISTRY: ghcr.io
@@ -25,10 +17,13 @@ jobs:
       fail-fast: false
       matrix:
         platform:
-          - linux/arm64
+          - linux/386
           - linux/amd64
-          - linux/s390x
+          - linux/arm/v6
+          - linux/arm/v7
+          - linux/arm64/v8
           - linux/ppc64le
+          - linux/s390x
 
     permissions:
       contents: read
@@ -46,12 +41,16 @@ jobs:
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
       # Extract metadata (tags, labels) for Docker
+      # If the pull request is not merged, do not include the edge tag and only include the sha tag.
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
-        id: meta
         uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern=v{{version}}
+            type=sha
 
       # Set up QEMU
       # https://github.com/docker/setup-qemu-action
@@ -81,21 +80,19 @@ jobs:
         with:
           context: .
           platforms: ${{ matrix.platform }}
-          labels: ${{ steps.meta.outputs.labels }}
-          push: ${{ github.event.pull_request.merged == true }}
+          labels: ${{ env.DOCKER_METADATA_OUTPUT_LABELS }}
+          push: true
           outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true
 
       # Export digest
       - name: Export digest
-        if: github.event.pull_request.merged == true
         run: |
           mkdir -p /tmp/digests
           digest="${{ steps.build.outputs.digest }}"
           touch "/tmp/digests/${digest#sha256:}"
 
       # Upload digest
       - name: Upload digest
-        if: github.event.pull_request.merged == true
         uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: digests
@@ -104,8 +101,8 @@ jobs:
           retention-days: 1
 
   merge:
+    name: Merge Container Manifests
     runs-on: ubuntu-latest
-    if: github.event.pull_request.merged == true
     needs:
       - build
     steps:
@@ -128,12 +125,16 @@ jobs:
         uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
 
       # Extract metadata (tags, labels) for Docker
+      # If the pull request is not merged, do not include the edge tag and only include the sha tag.
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
-        id: meta
         uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern=v{{version}}
+            type=sha
 
       # Login to Docker registry
       # https://github.com/docker/login-action
@@ -148,9 +149,18 @@ jobs:
       - name: Create manifest list and push
         working-directory: /tmp/digests
         run: |
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
+          # Base command to create a manifest list with the selected tag(s) and push
+          CMD="docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)"
+          
+          # If the branch is 'release-*', add the 'edge' tag
+          if [[ "${{ github.ref }}" == refs/heads/release-* ]]; then
+            CMD="$CMD -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:edge"
+          fi
+          
+          # Execute the command
+          eval "$CMD"
 
       - name: Inspect image
         run: |
-          docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
+          docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DOCKER_METADATA_OUTPUT_VERSION }}
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the kfutil binary
-FROM golang:1.19 as builder
+FROM golang:1.20 as builder
 ARG TARGETOS
 ARG TARGETARCH
 
@@ -23,13 +23,9 @@ COPY pkg/ pkg/
 # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
 RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o kfutil main.go
 
-FROM ubuntu:latest
+FROM alpine:latest
 WORKDIR /
 COPY --from=builder /workspace/kfutil /usr/local/bin/kfutil
 
-# Install ca-certificates so that HTTPS works consistently
-RUN apt-get update
-RUN apt-get install ca-certificates -y
-
 # Spin forever so that the container doesn't exit and the user can exec into it
 ENTRYPOINT ["tail", "-f", "/dev/null"]