diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 18b020c7..cce203ab 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -112,7 +112,7 @@ jobs: with: context: . platforms: linux/amd64,linux/arm64 - file: ./deployment/docker/dev/buildx.Dockerfile + file: ./deployment/docker/prod/buildx.Dockerfile push: true tags: semaphoreui/semaphore:develop diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 71e5db69..503d1ed9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -5,31 +5,31 @@ on: - v* jobs: -# release: -# runs-on: [ubuntu-latest] -# steps: -# - uses: actions/setup-go@v3 -# with: { go-version: 1.18 } -# -# - uses: actions/setup-node@v3 -# with: { node-version: '16' } -# -# - run: go install github.com/go-task/task/v3/cmd/task@latest -# -# - run: sudo apt update && sudo apt-get install rpm -# -# - uses: actions/checkout@v3 -# -# - run: task deps -# -# - run: | -# echo ${{ secrets.GPG_KEY }} | tr " " "\n" | base64 -d | gpg --import --batch -# gpg --sign -u "58A7 CC3D 8A9C A2E5 BB5C 141D 4064 23EA F814 63CA" --pinentry-mode loopback --yes --batch --passphrase "${{ secrets.GPG_PASS }}" --output unlock.sig --detach-sign README.md -# rm -f unlock.sig -# -# - run: git reset --hard -# -# - run: GITHUB_TOKEN=${{ secrets.GH_TOKEN }} task release:prod + release: + runs-on: [ubuntu-latest] + steps: + - uses: actions/setup-go@v3 + with: { go-version: 1.18 } + + - uses: actions/setup-node@v3 + with: { node-version: '16' } + + - run: go install github.com/go-task/task/v3/cmd/task@latest + + - run: sudo apt update && sudo apt-get install rpm + + - uses: actions/checkout@v3 + + - run: task deps + + - run: | + echo ${{ secrets.GPG_KEY }} | tr " " "\n" | base64 -d | gpg --import --batch + gpg --sign -u "58A7 CC3D 8A9C A2E5 BB5C 141D 4064 23EA F814 63CA" --pinentry-mode loopback --yes --batch --passphrase "${{ secrets.GPG_PASS }}" --output unlock.sig --detach-sign README.md + rm -f unlock.sig + + - run: git reset --hard + + - run: GITHUB_TOKEN=${{ secrets.GH_TOKEN }} task release:prod deploy-prod: @@ -42,7 +42,7 @@ jobs: - uses: actions/checkout@v3 - - run: context=prod task docker:test +# - run: context=prod task docker:test - uses: docker/setup-qemu-action@v2 diff --git a/Taskfile.yml b/Taskfile.yml index 8eec220a..d3512d62 100644 --- a/Taskfile.yml +++ b/Taskfile.yml 
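Review bot: The re-enabled `release` job expands `${{ secrets.GPG_KEY }}`, `${{ secrets.GPG_PASS }}` and `${{ secrets.GH_TOKEN }}` straight into the `run:` script text, so the values become part of the shell source (unquoted in the `echo` case) and the passphrase is passed in gpg's argument list, where other processes on the runner can read it. Passing them through `env:` and feeding the passphrase with `--passphrase-fd 0` keeps them out of both the script and the argument vector; the last step can set `GITHUB_TOKEN` under `env:` in the same way. The job also installs `task@latest` and then runs it with the signing key and release token available, so pinning that install to a fixed version would make the release toolchain reproducible.

```yaml
      - env:
          GPG_KEY: ${{ secrets.GPG_KEY }}
          GPG_PASS: ${{ secrets.GPG_PASS }}
        run: |
          echo "$GPG_KEY" | tr " " "\n" | base64 -d | gpg --import --batch
          printf '%s' "$GPG_PASS" | gpg --sign -u "58A7 CC3D 8A9C A2E5 BB5C 141D 4064 23EA F814 63CA" --pinentry-mode loopback --yes --batch --passphrase-fd 0 --output unlock.sig --detach-sign README.md
          rm -f unlock.sig

      # … unchanged: git reset --hard …

      - env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
        run: task release:prod
```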
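Review bot: `deploy-prod` now has its `context=prod task docker:test` step commented out with no explanation, so whatever checks that task performs (its definition is not part of this diff) no longer run before the image is built and, presumably, pushed. If the step is disabled only until it works with the new Dockerfile layout, record that next to it, e.g. `# TODO(<issue-id>): re-enable docker:test before the image is pushed`, or replace it with an equivalent check. The rest of the job lies outside the hunk.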
@@ -127,7 +127,7 @@ tasks: desc: Build a binary for the current architecture dir: cli cmds: - - go build -o ../bin/semaphore{{ if eq OS "windows" }}.exe{{ end }} + - env GOOS={{ .GOOS }} GOARCH={{ .GOARCH }} go build -o ../bin/semaphore{{ if eq OS "windows" }}.exe{{ end }} release: desc: creates a release without performing validations or publishing artifacts @@ -249,7 +249,6 @@ tasks: prefix: -dredd args: up - docker:build: desc: Build an image for Semaphore, requires context vars: @@ -262,18 +261,6 @@ tasks: tag: "{{ .tag }}" args: -t "{{ .docker_namespace }}/{{ .docker_image }}:{{ .tag }}" . - docker:buildx: - desc: Build a multiarch image for Semaphore, requires context - vars: - tag: "{{ if .tag }}{{ .tag }}{{ else }}latest{{ end }}" - cmds: - - task: docker - vars: - context: "{{ .context }}" - action: buildx build - tag: "{{ .tag }}" - args: --platform=linux/amd64,linux/arm64 -t "{{ .docker_namespace }}/{{ .docker_image }}:{{ .tag }}" . - deps:docker: desc: Install docker testing dependencies. These must be installed explicitly and are not included in the general deps task. status: diff --git a/deployment/docker/dev/buildx.Dockerfile b/deployment/docker/dev/buildx.Dockerfile deleted file mode 100644 index 4506dad5..00000000 --- a/deployment/docker/dev/buildx.Dockerfile +++ /dev/null 
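Review bot: In `build:local` the `.exe` suffix is still chosen by `{{ if eq OS "windows" }}`, which reflects the machine running Task, while the binary is now built for `{{ .GOOS }}`; a cross-build for Windows gets no suffix and a Linux build on a Windows host gets one. Keying the suffix on the target, along the lines of `{{ if eq (default OS .GOOS) "windows" }}.exe{{ end }}`, would keep the two in step. The `desc:` still reads "Build a binary for the current architecture" and should say that `GOOS`/`GOARCH` can be passed in. When neither variable is supplied the command presumably renders as `env GOOS= GOARCH= go build`, so it is worth confirming that the empty values fall back to the host platform.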
@@ -1,47 +0,0 @@ -ARG BUILDPLATFORM=linux/amd64 - -FROM --platform=$BUILDPLATFORM golang:1.18.3-alpine3.16 - -ARG TARGETOS=linux -ARG TARGETARCH=amd64 -ENV GOOS="${TARGETOS}" -ENV GOARCH="${TARGETARCH}" - -ENV SEMAPHORE_VERSION="development" SEMAPHORE_ARCH="${TARGETOS}_${TARGETARCH}" \ - SEMAPHORE_CONFIG_PATH="${SEMAPHORE_CONFIG_PATH:-/etc/semaphore}" \ - APP_ROOT="/go/src/github.com/ansible-semaphore/semaphore/" - -# hadolint ignore=DL3013 -RUN apk add --no-cache sshpass git mysql-client python3 py3-pip py-openssl openssl ca-certificates curl curl-dev openssh-client-default tini nodejs npm bash rsync && \ - apk --update add --virtual build-dependencies python3-dev libffi-dev openssl-dev build-base &&\ - rm -rf /var/cache/apk/* - -RUN pip3 install --upgrade pip cffi && \ - pip3 install ansible &&\ - apk del build-dependencies - -RUN adduser -D -u 1002 -g 0 semaphore && \ - mkdir -p /go/src/github.com/ansible-semaphore/semaphore && \ - mkdir -p /tmp/semaphore && \ - mkdir -p /etc/semaphore && \ - mkdir -p /var/lib/semaphore && \ - chown -R semaphore:0 /go && \ - chown -R semaphore:0 /tmp/semaphore && \ - chown -R semaphore:0 /etc/semaphore && \ - chown -R semaphore:0 /var/lib/semaphore && \ - ssh-keygen -t rsa -q -f "/root/.ssh/id_rsa" -N "" && \ - ssh-keyscan -H github.com > /root/.ssh/known_hosts - -RUN cd $(go env GOPATH) && curl -sL https://taskfile.dev/install.sh | sh - -RUN git config --global --add safe.directory /go/src/github.com/ansible-semaphore/semaphore - -# Copy in app source -WORKDIR ${APP_ROOT} -COPY . ${APP_ROOT} -RUN deployment/docker/dev/bin/install - -USER semaphore -EXPOSE 3000 -ENTRYPOINT ["/usr/local/bin/semaphore-wrapper"] -CMD ["./bin/semaphore", "server", "--config", "/etc/semaphore/config.json"] diff --git a/deployment/docker/prod/Dockerfile b/deployment/docker/prod/Dockerfile index 39a9d098..3136a693 100644 --- a/deployment/docker/prod/Dockerfile +++ b/deployment/docker/prod/Dockerfile 
@@ -1,23 +1,13 @@ -ARG BUILDPLATFORM=linux/amd64 - # ansible-semaphore production image -FROM --platform=$BUILDPLATFORM golang:1.18.3-alpine3.16 as builder - +FROM golang:1.18.3-alpine3.16 as builder COPY ./ /go/src/github.com/ansible-semaphore/semaphore WORKDIR /go/src/github.com/ansible-semaphore/semaphore -ARG TARGETOS=linux -ARG TARGETARCH=amd64 -ENV GOOS="${TARGETOS}" -ENV GOARCH="${TARGETARCH}" - RUN apk add --no-cache -U libc-dev curl nodejs npm git && \ ./deployment/docker/prod/bin/install -# Uses frolvlad alpine so we have access to glibc which is needed for golang -# and when deploying in openshift -FROM frolvlad/alpine-glibc:alpine-3.16 as runner +FROM alpine:3.16 as runner LABEL maintainer="Tom Whiston " RUN apk add --no-cache sshpass git curl ansible mysql-client openssh-client-default tini py3-aiohttp && \ diff --git a/deployment/docker/prod/bin/install b/deployment/docker/prod/bin/install index 8da9bf8b..4cea1417 100755 --- a/deployment/docker/prod/bin/install +++ b/deployment/docker/prod/bin/install @@ -10,7 +10,8 @@ task deps set +e task compile set -e -task build:local + +task build:local GOOS=$GOOS GOARCH=$GOARCH mv ./bin/semaphore /usr/local/bin/ chown 1001:0 /usr/local/bin/semaphore diff --git a/deployment/docker/prod/buildx.Dockerfile b/deployment/docker/prod/buildx.Dockerfile index 39a9d098..9fa990fb 100644 --- a/deployment/docker/prod/buildx.Dockerfile +++ b/deployment/docker/prod/buildx.Dockerfile 
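Review bot: Both stages are pinned only by mutable tag (`golang:1.18.3-alpine3.16`, `alpine:3.16`), so the published image can change without any change in this repository. Since the runner base is being replaced here anyway, consider pinning by digest, `FROM alpine:3.16@sha256:<digest-of-reviewed-image> as runner`, and likewise for the builder; the same two `FROM` lines appear in `deployment/docker/prod/buildx.Dockerfile`. The removed comment said glibc was needed for Go and for OpenShift, so a short replacement comment stating why plain Alpine is now sufficient would help the next maintainer; presumably the binary is linked against musl in the Alpine builder.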
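Review bot: `task build:local GOOS=$GOOS GOARCH=$GOARCH` expands both variables unquoted, and in `deployment/docker/prod/Dockerfile` this commit removes the `ENV GOOS`/`ENV GOARCH` lines, so there the call becomes `GOOS= GOARCH=`. Quoting and defaulting makes the intent explicit and survives a `set -u` if the script ever enables it: `task build:local GOOS="${GOOS:-$(go env GOOS)}" GOARCH="${GOARCH:-$(go env GOARCH)}"`. The script continues outside the hunk, so its shell options are not visible here.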
@@ -1,23 +1,16 @@ -ARG BUILDPLATFORM=linux/amd64 - # ansible-semaphore production image FROM --platform=$BUILDPLATFORM golang:1.18.3-alpine3.16 as builder - COPY ./ /go/src/github.com/ansible-semaphore/semaphore WORKDIR /go/src/github.com/ansible-semaphore/semaphore -ARG TARGETOS=linux -ARG TARGETARCH=amd64 -ENV GOOS="${TARGETOS}" -ENV GOARCH="${TARGETARCH}" +ARG TARGETOS +ARG TARGETARCH -RUN apk add --no-cache -U libc-dev curl nodejs npm git && \ - ./deployment/docker/prod/bin/install +RUN apk add --no-cache -U libc-dev curl nodejs npm git +RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} ./deployment/docker/prod/bin/install -# Uses frolvlad alpine so we have access to glibc which is needed for golang -# and when deploying in openshift -FROM frolvlad/alpine-glibc:alpine-3.16 as runner +FROM alpine:3.16 as runner LABEL maintainer="Tom Whiston " RUN apk add --no-cache sshpass git curl ansible mysql-client openssh-client-default tini py3-aiohttp && \ @@ -33,7 +26,9 @@ COPY --from=builder /usr/local/bin/semaphore-wrapper /usr/local/bin/ COPY --from=builder /usr/local/bin/semaphore /usr/local/bin/ RUN chown -R semaphore:0 /usr/local/bin/semaphore-wrapper &&\ - chown -R semaphore:0 /usr/local/bin/semaphore + chown -R semaphore:0 /usr/local/bin/semaphore &&\ + chmod +x /usr/local/bin/semaphore-wrapper &&\ + chmod +x /usr/local/bin/semaphore WORKDIR /home/semaphore USER 1001
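Review bot: In the runner stage both binaries are `chown`ed to `semaphore`, which looks like the account the container runs as (`USER 1001` a few lines below), so the service account is able to rewrite its own entrypoint and server binary. The added `chmod +x` works just as well with the files left root-owned: dropping the two `chown -R` lines and using `RUN chmod 0755 /usr/local/bin/semaphore-wrapper /usr/local/bin/semaphore` keeps them executable by any UID, including arbitrary OpenShift UIDs in group 0, while read-only to the runtime user. The earlier lines of the stage are outside the hunk, so confirm that `semaphore` is UID 1001 before changing this.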