-
Notifications
You must be signed in to change notification settings - Fork 51
add cli-stack for binary distribution #3195
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
sampras343
wants to merge
2
commits into
conforma:release-v0.8
Choose a base branch
from
sampras343:cli-stack
base: release-v0.8
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+192
−0
Open
Changes from all commits
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| apiVersion: tekton.dev/v1 | ||
| kind: PipelineRun | ||
| metadata: | ||
| annotations: | ||
| build.appstudio.openshift.io/repo: https://github.com/conforma/cli?rev={{revision}} | ||
| build.appstudio.redhat.com/commit_sha: '{{revision}}' | ||
| build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' | ||
| build.appstudio.redhat.com/target_branch: '{{target_branch}}' | ||
| pipelinesascode.tekton.dev/max-keep-runs: "3" | ||
| pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch | ||
| == "release-v0.8" | ||
| creationTimestamp: null | ||
| labels: | ||
| appstudio.openshift.io/application: cli-stacks | ||
| appstudio.openshift.io/component: conforma-cli-stack | ||
| pipelines.appstudio.openshift.io/type: build | ||
| name: conforma-cli-stack-on-pull-request | ||
| namespace: rhtas-tenant | ||
| spec: | ||
| params: | ||
| - name: release-version | ||
| value: 1.4.0 | ||
| - name: dockerfile | ||
| value: Dockerfile.cli-stack.rh | ||
| - name: git-url | ||
| value: '{{repo_url}}' | ||
| - name: image-expires-after | ||
| value: 5d | ||
| - name: output-image | ||
| value: quay.io/securesign/conforma-cli-stack:on-pr-{{revision}} | ||
| - name: path-context | ||
| value: . | ||
| - name: revision | ||
| value: '{{revision}}' | ||
| - name: hermetic | ||
| value: "true" | ||
| - name: build-source-image | ||
| value: "true" | ||
| pipelineRef: | ||
| params: | ||
| - name: url | ||
| value: https://github.com/securesign/pipelines.git | ||
| - name: revision | ||
| value: main | ||
simonbaird marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| - name: pathInRepo | ||
| value: pipelines/docker-build-oci-ta.yaml | ||
| resolver: git | ||
| taskRunTemplate: | ||
| serviceAccountName: build-pipeline-conforma-cli-stack | ||
| workspaces: | ||
| - name: git-auth | ||
| secret: | ||
| secretName: '{{ git_auth_secret }}' | ||
| status: {} | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| apiVersion: tekton.dev/v1 | ||
| kind: PipelineRun | ||
| metadata: | ||
| annotations: | ||
| build.appstudio.openshift.io/repo: https://github.com/conforma/cli?rev={{revision}} | ||
| build.appstudio.redhat.com/commit_sha: '{{revision}}' | ||
| build.appstudio.redhat.com/target_branch: '{{target_branch}}' | ||
| pipelinesascode.tekton.dev/max-keep-runs: "3" | ||
| pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch | ||
| == "release-v0.8" | ||
| creationTimestamp: null | ||
| labels: | ||
| appstudio.openshift.io/application: cli-stacks | ||
| appstudio.openshift.io/component: conforma-cli-stack | ||
| pipelines.appstudio.openshift.io/type: build | ||
| name: conforma-cli-stack-on-push | ||
| namespace: rhtas-tenant | ||
| spec: | ||
| params: | ||
| - name: release-version | ||
| value: 1.4.0 | ||
| - name: dockerfile | ||
sampras343 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| value: Dockerfile.cli-stack.rh | ||
| - name: git-url | ||
| value: '{{repo_url}}' | ||
| - name: output-image | ||
| value: quay.io/securesign/conforma-cli-stack:{{revision}} | ||
| - name: path-context | ||
| value: . | ||
| - name: revision | ||
| value: '{{revision}}' | ||
| - name: hermetic | ||
| value: "true" | ||
| - name: build-source-image | ||
| value: "true" | ||
| pipelineRef: | ||
| params: | ||
| - name: url | ||
| value: https://github.com/securesign/pipelines.git | ||
| - name: revision | ||
| value: main | ||
| - name: pathInRepo | ||
| value: pipelines/docker-build-oci-ta.yaml | ||
| resolver: git | ||
| taskRunTemplate: | ||
| serviceAccountName: build-pipeline-conforma-cli-stack | ||
| workspaces: | ||
| - name: git-auth | ||
| secret: | ||
| secretName: '{{ git_auth_secret }}' | ||
| status: {} | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,86 @@ | ||
| # Copyright The Conforma Contributors | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
| # | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| ## Build | ||
|
|
||
| FROM --platform=linux/amd64 quay.io/redhat-user-workloads/rhtap-contract-tenant/ec-v08/cli-v08@sha256:7d2ecffad4cee873caee676eda74c5acd6254e64bbca8280b1d69f0806426999 AS build-amd64 | ||
simonbaird marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| FROM --platform=linux/arm64 quay.io/redhat-user-workloads/rhtap-contract-tenant/ec-v08/cli-v08@sha256:9f39e82fd59f414bc26207d18588c5ffbf8c9c0ca00e81e68f80f2c39db01657 AS build-arm64 | ||
| FROM --platform=linux/ppc64le quay.io/redhat-user-workloads/rhtap-contract-tenant/ec-v08/cli-v08@sha256:2e385572d9cc508288e5a4cc7a44c22de4266be860e725a7795d4402db1314c0 AS build-ppc64le | ||
| FROM --platform=linux/s390x quay.io/redhat-user-workloads/rhtap-contract-tenant/ec-v08/cli-v08@sha256:e725abfa91aa21d28d2ae5b5c5fa5544bcd3998b48c18d268d981c1ad51d3f1f AS build-s390x | ||
simonbaird marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| # Use "build" to avoid an error from the version checker in | ||
| # https://github.com/conforma/github-workflows/tree/main/golang-version-check | ||
| FROM registry.access.redhat.com/ubi9/go-toolset:1.25.3@sha256:e8938564f866174a6d79e55dfe577c2ed184b1f53e91d782173fb69b07ce69ef AS build | ||
| USER root | ||
| RUN mkdir -p /binaries | ||
|
|
||
| # Native Linux binaries from each arch variant | ||
| COPY --from=build-amd64 /usr/local/bin/ec_linux_amd64.gz /tmp/ec_linux_amd64.gz | ||
| RUN gzip -d /tmp/ec_linux_amd64.gz && \ | ||
| tar -czf /binaries/ec_linux_amd64.tar.gz -C /tmp ec_linux_amd64 && \ | ||
| rm /tmp/ec_linux_amd64 | ||
|
|
||
| COPY --from=build-arm64 /usr/local/bin/ec_linux_arm64.gz /tmp/ec_linux_arm64.gz | ||
| RUN gzip -d /tmp/ec_linux_arm64.gz && \ | ||
| tar -czf /binaries/ec_linux_arm64.tar.gz -C /tmp ec_linux_arm64 && \ | ||
| rm /tmp/ec_linux_arm64 | ||
|
|
||
| COPY --from=build-ppc64le /usr/local/bin/ec_linux_ppc64le.gz /tmp/ec_linux_ppc64le.gz | ||
| RUN gzip -d /tmp/ec_linux_ppc64le.gz && \ | ||
| tar -czf /binaries/ec_linux_ppc64le.tar.gz -C /tmp ec_linux_ppc64le && \ | ||
| rm /tmp/ec_linux_ppc64le | ||
|
|
||
| COPY --from=build-s390x /usr/local/bin/ec_linux_s390x.gz /tmp/ec_linux_s390x.gz | ||
| RUN gzip -d /tmp/ec_linux_s390x.gz && \ | ||
| tar -czf /binaries/ec_linux_s390x.tar.gz -C /tmp ec_linux_s390x && \ | ||
| rm /tmp/ec_linux_s390x | ||
|
|
||
| # Cross-compiled binaries (same across all variants, taken from amd64) | ||
| # Darwin amd64 | ||
| COPY --from=build-amd64 /usr/local/bin/ec_darwin_amd64.gz /tmp/ec_darwin_amd64.gz | ||
| RUN gzip -d /tmp/ec_darwin_amd64.gz && \ | ||
| tar -czf /binaries/ec_darwin_amd64.tar.gz -C /tmp ec_darwin_amd64 && \ | ||
| rm /tmp/ec_darwin_amd64 | ||
|
|
||
| # Darwin arm64 | ||
| COPY --from=build-amd64 /usr/local/bin/ec_darwin_arm64.gz /tmp/ec_darwin_arm64.gz | ||
| RUN gzip -d /tmp/ec_darwin_arm64.gz && \ | ||
| tar -czf /binaries/ec_darwin_arm64.tar.gz -C /tmp ec_darwin_arm64 && \ | ||
| rm /tmp/ec_darwin_arm64 | ||
|
|
||
| # Windows amd64 | ||
| COPY --from=build-amd64 /usr/local/bin/ec_windows_amd64.exe.gz /tmp/ec_windows_amd64.exe.gz | ||
| RUN gzip -d /tmp/ec_windows_amd64.exe.gz && \ | ||
| tar -czf /binaries/ec_windows_amd64.tar.gz -C /tmp ec_windows_amd64.exe && \ | ||
| rm /tmp/ec_windows_amd64.exe | ||
|
|
||
| # Final minimal image with all binaries | ||
| FROM registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:83006d535923fcf1345067873524a3980316f51794f01d8655be55d6e9387183 | ||
|
|
||
| LABEL description="Flat image containing Conforma CLI binaries for all platforms and architectures" | ||
| LABEL io.k8s.description="Flat image containing Conforma CLI binaries for all platforms and architectures" | ||
| LABEL io.opencontainers.image.description="Flat image containing Conforma CLI binaries for all platforms and architectures" | ||
| LABEL io.k8s.display-name="Conforma CLI stack image for Red Hat Trusted Artifact Signer" | ||
| LABEL io.openshift.tags="conforma trusted-artifact-signer cli-stack" | ||
| LABEL summary="Provides Conforma CLI binaries as tar.gz archives for CDN distribution." | ||
| LABEL com.redhat.component="conforma-cli-stack" | ||
|
|
||
| COPY --from=build /binaries/ /binaries/ | ||
| COPY --from=build-amd64 /licenses/ /licenses/ | ||
|
|
||
| RUN chown -R root:0 /binaries && chmod -R g+r /binaries | ||
|
|
||
| USER 65532:65532 | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.