diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3741990..a8d55c4 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -40,6 +40,7 @@ jobs:
 release:
 permissions:
 packages: write
+ id-token: write
 needs: tag
 if: needs.tag.outputs.new-tag == 'true'
 runs-on: ubuntu-latest
@@ -52,6 +53,12 @@ jobs:
 uses: actions/setup-go@v5
 with:
 go-version: stable
+ - name: Login to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Set up environment
 run: echo "GOVERSION=$(go version)" >> "$GITHUB_ENV"
 - name: Install Cosign
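Review bot: `id-token: write` is added to the `release` job without a comment saying what consumes it, and the grant covers every step in the job rather than only the signing step. Presumably it is for keyless cosign signing from the GoReleaser step, since the `signs` and `docker_signs` entries in `.goreleaser.yml` pass `--yes` and no key; a comment above the line such as `# id-token: write: OIDC token for keyless cosign signing run by goreleaser` would record that. Because a job-level `permissions` block sets every unlisted scope to none, it is also worth confirming that the GoReleaser step does not need `contents: write` to publish the release; only `packages` and `id-token` are visible in this block.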
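Review bot: The added `Login to GHCR` step references `docker/login-action@v3` by a mutable tag, in a job that now holds both `packages: write` and `id-token: write`. Whoever can move that tag gets code running with the registry token and the ability to request the workflow's OIDC identity, which is the identity the cosign signatures attest to. Pinning to a full commit SHA with the version as a trailing comment, `uses: docker/login-action@<full-commit-sha> # v3`, removes that dependency on the tag; the same applies to `actions/setup-go@v5` in the context lines. The steps list starts and ends outside the hunk.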
@@ -63,58 +70,3 @@ jobs:
 args: release --clean
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Tar up binaries
- run: tar -cvf dist.tar dist
- - name: Upload binaries tar file
- uses: actions/upload-artifact@v3
- with:
- name: dist.tar
- path: dist.tar
- releaseimage:
- strategy:
- matrix:
- binary:
- - go-cli-github
- needs:
- - tag
- - release
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- - name: Download binaries tar file
- uses: actions/download-artifact@v3
- with:
- name: dist.tar
- - name: Untar binaries
- run: tar -xvf dist.tar
- - name: Login to GHCR
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - name: Docker metadata
- # this id is namespaced per matrix run
- id: docker_metadata
- uses: docker/metadata-action@v5
- with:
- images: ghcr.io/${{ github.repository }}/${{ matrix.binary }}
- tags: |
- ${{ needs.tag.outputs.new-tag-version }}
- latest
- - name: Build and push ${{ matrix.binary }} container image
- id: docker_build
- uses: docker/build-push-action@v5
- with:
- push: true
- tags: ${{ steps.docker_metadata.outputs.tags }}
- labels: ${{ steps.docker_metadata.outputs.labels }}
- file: deploy/${{ matrix.binary }}/Dockerfile
- context: dist/${{ matrix.binary }}_linux_amd64_v1
- - name: Install Cosign
- uses: sigstore/cosign-installer@v3.2.0
- - name: Sign the container image
- run: >
- echo "${{ steps.docker_metadata.outputs.tags }}" |
- while read -r tag; do cosign sign --yes "$tag"; done
diff --git a/.goreleaser.yml b/.goreleaser.yml
index bc701cf..b8dc280 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -10,8 +10,16 @@ builds:
 -X "main.version={{.Version}}"
 env:
 - CGO_ENABLED=0
+ goos:
+ - linux
+ - darwin
+ goarch:
+ - amd64
+ - arm64
+
 sboms:
 - artifacts: archive
+
 signs:
 - cmd: cosign
 signature: "${artifact}.sig"
@@ -23,3 +31,36 @@ signs:
 - "${artifact}"
 - "--yes"
 artifacts: checksum
+
+dockers:
+- image_templates:
+ - "smlx/go-cli-github:{{ .Version }}-amd64"
+ use: buildx
+ dockerfile: deploy/go-cli-github/Dockerfile
+ build_flag_templates:
+ - "--platform=linux/amd64"
+- image_templates:
+ - "smlx/go-cli-github:{{ .Version }}-arm64v8"
+ use: buildx
+ goarch: arm64
+ dockerfile: deploy/go-cli-github/Dockerfile
+ build_flag_templates:
+ - "--platform=linux/arm64/v8"
+
+docker_manifests:
+- name_template: "smlx/go-cli-github:{{ .Version }}"
+ image_templates:
+ - "foo/bar:{{ .Version }}-amd64"
+ - "foo/bar:{{ .Version }}-arm64v8"
+- name_template: "smlx/go-cli-github:latest"
+ image_templates:
+ - "foo/bar:{{ .Version }}-amd64"
+ - "foo/bar:{{ .Version }}-arm64v8"
+
+docker_signs:
+- args:
+ - "sign"
+ - "${artifact}@${digest}"
+ - "--yes"
+ artifacts: all
+ output: true
diff --git a/deploy/go-cli-github/Dockerfile b/deploy/go-cli-github/Dockerfile
index 3a63a18..0ae55c3 100644
--- a/deploy/go-cli-github/Dockerfile
+++ b/deploy/go-cli-github/Dockerfile
@@ -1,3 +1,3 @@
-FROM alpine:3.16
+FROM alpine:3.19
 ENTRYPOINT ["/go-cli-github"]
 COPY go-cli-github /
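Review bot: Both `docker_manifests` entries list `foo/bar:{{ .Version }}-amd64` and `foo/bar:{{ .Version }}-arm64v8` under `image_templates`, which are not the images the `dockers` section builds (`smlx/go-cli-github:...`); this looks like leftover example text. As written the manifests would either fail to assemble or point at images from a namespace this release does not control, and `docker_signs` with `artifacts: all` would then sign that manifest. The entries should repeat the built names, `- "smlx/go-cli-github:{{ .Version }}-amd64"` and `- "smlx/go-cli-github:{{ .Version }}-arm64v8"`. Separately, none of the image names carry a registry host, so they presumably resolve to Docker Hub while the workflow only logs in to `ghcr.io`; the removed job pushed to `ghcr.io/...`, so a `ghcr.io/` prefix is probably intended throughout.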