point to tetrate, tweak ci, custom job

Author: M4tteoP

.circleci/config.yml

@@ -45,6 +45,23 @@ jobs:
     - run: make build
     - run: make test
 
+# Customized prometheus/publish_master to use our docker variables.
+# See:
+# - https://circleci.com/developer/orbs/orb/prometheus/prometheus
+# - https://github.com/prometheus/circleci
+
+  publish_images:
+    docker:
+      - image: cimg/go:1.24
+    steps:
+      - prometheus/setup_build_environment:
+        docker_version: ""
+      - prometheus/publish_images:
+          registry: docker.io
+          organization: tetrate
+          login_variable: DOCKER_USER
+          password_variable: DOCKER_PASS
+
 workflows:
   version: 2
   postgres_exporter:
@@ -81,25 +98,36 @@ workflows:
             only: /^(main|master|release-.*|.*build-all.*)$/
           tags:
             only: /^v.*/
-    - prometheus/publish_master:
-        context: org-context
-        docker_hub_organization: prometheuscommunity
-        quay_io_organization: prometheuscommunity
-        requires:
-        - test
-        - build_all
-        filters:
-          branches:
-            only: master
-    - prometheus/publish_release:
-        context: org-context
-        docker_hub_organization: prometheuscommunity
-        quay_io_organization: prometheuscommunity
+    # Build and publish images to the tetrate container image registry.
+    - publish_images:
+        context: org-global
         requires:
-        - test
-        - build_all
+          - test
+          - build_all
         filters:
           tags:
             only: /^v.*/
           branches:
             ignore: /.*/
+    # - prometheus/publish_master:
+    #     context: org-context
+    #     docker_hub_organization: prometheuscommunity
+    #     quay_io_organization: prometheuscommunity
+    #     requires:
+    #     - test
+    #     - build_all
+    #     filters:
+    #       branches:
+    #         only: master
+    # - prometheus/publish_release:
+    #     context: org-context
+    #     docker_hub_organization: prometheuscommunity
+    #     # quay_io_organization: prometheuscommunity
+    #     requires:
+    #     - test
+    #     - build_all
+    #     filters:
+    #       tags:
+    #         only: /^v.*/
+    #       branches:
+    #         ignore: /.*/

Makefile

@@ -3,7 +3,7 @@ all::
 
 # Needs to be defined before including Makefile.common to auto-generate targets
 DOCKER_ARCHS ?= amd64 armv7 arm64 ppc64le
-DOCKER_REPO  ?= prometheuscommunity
+DOCKER_REPO  ?= tetrate
 
 include Makefile.common
 

README.md

@@ -445,3 +445,12 @@ docker run -p 5432:5432 -e POSTGRES_DB=circle_test -e POSTGRES_USER=postgres -e
 # Run the integration tests
 DATA_SOURCE_NAME='postgresql://postgres:test@localhost:5432/circle_test?sslmode=disable' GOOPTS='-v -tags integration' make test
 ```
+
+# **Tetrate CVE builds**
+Upstream is not fixing CVEs reported by security scanners, but not applicable to postgres_exporter image.
+These false positives can be fixed by cutting tetrate specific patch releases as follows:
+- Push a commit to a release branch in our fork (e.g. `release-v0.18.1` branch) with the changes to fix the CVEs.
+  - In this PR, include changes to the `VERSION` file to the new version name following the pattern `<current-version>-tetrate-v<patch-number>`. For example `v0.18.1-tetrate-v0` is the first CVEs fixing patch for `v0.18.1`.
+- Once the PR is approved and merged:
+  - Create the tag and push it to the repository.
+  - CircleCI will automatically build the images and push them to the [tetrate docker hub repository](https://hub.docker.com/r/tetrate/postgres_exporter).