point to tetrate, tweak ci, filters

Author: M4tteoP

.circleci/config.yml

@@ -81,20 +81,11 @@ workflows:
             only: /^(main|master|release-.*|.*build-all.*)$/
           tags:
             only: /^v.*/
+    # Build and publish images to the tetrate container image registry.
+    # Filters have been tweaked to use this job for release tags, not for publishing master.
     - prometheus/publish_master:
-        context: org-context
-        docker_hub_organization: prometheuscommunity
-        quay_io_organization: prometheuscommunity
-        requires:
-        - test
-        - build_all
-        filters:
-          branches:
-            only: master
-    - prometheus/publish_release:
-        context: org-context
-        docker_hub_organization: prometheuscommunity
-        quay_io_organization: prometheuscommunity
+        context: org-global
+        docker_hub_organization: tetrate
         requires:
         - test
         - build_all
@@ -103,3 +94,25 @@ workflows:
             only: /^v.*/
           branches:
             ignore: /.*/
+    # - prometheus/publish_master:
+    #     context: org-context
+    #     docker_hub_organization: prometheuscommunity
+    #     quay_io_organization: prometheuscommunity
+    #     requires:
+    #     - test
+    #     - build_all
+    #     filters:
+    #       branches:
+    #         only: master
+    # - prometheus/publish_release:
+    #     context: org-context
+    #     docker_hub_organization: prometheuscommunity
+    #     # quay_io_organization: prometheuscommunity
+    #     requires:
+    #     - test
+    #     - build_all
+    #     filters:
+    #       tags:
+    #         only: /^v.*/
+    #       branches:
+    #         ignore: /.*/

Makefile

@@ -3,7 +3,7 @@ all::
 
 # Needs to be defined before including Makefile.common to auto-generate targets
 DOCKER_ARCHS ?= amd64 armv7 arm64 ppc64le
-DOCKER_REPO  ?= prometheuscommunity
+DOCKER_REPO  ?= tetrate
 
 include Makefile.common
 

README.md

@@ -445,3 +445,12 @@ docker run -p 5432:5432 -e POSTGRES_DB=circle_test -e POSTGRES_USER=postgres -e
 # Run the integration tests
 DATA_SOURCE_NAME='postgresql://postgres:test@localhost:5432/circle_test?sslmode=disable' GOOPTS='-v -tags integration' make test
 ```
+
+# **Tetrate CVE builds**
+Upstream is not fixing CVEs reported by security scanners, but not applicable to postgres_exporter image.
+These false positives can be fixed by cutting tetrate specific patch releases as follows:
+- Push a commit to a release branch in our fork (e.g. `release-v0.18.1` branch) with the changes to fix the CVEs.
+  - In this PR, include changes to the `VERSION` file to the new version name following the pattern `<current-version>-tetrate-v<patch-number>`. For example `v0.18.1-tetrate-v0` is the first CVEs fixing patch for `v0.18.1`.
+- Once the PR is approved and merged:
+  - Create the tag and push it to the repository.
+  - CircleCI will automatically build the images and push them to the [tetrate docker hub repository](https://hub.docker.com/r/tetrate/postgres_exporter).