From 1d0f73bbbe1ecf443c6b3e307273ef73c39281d2 Mon Sep 17 00:00:00 2001
From: Nicolas-Peiffer <102670102+Nicolas-Peiffer@users.noreply.github.com>
Date: Thu, 31 Oct 2024 18:50:35 +0100
Subject: [PATCH] Use a debian_version var

Signed-off-by: Nicolas-Peiffer <102670102+Nicolas-Peiffer@users.noreply.github.com>
---
.github/workflows/base-container-build.yaml | 31 ++++++++++++++++++-
...ign-trivy-syft-x86-arm64-non-root-usr.base | 4 ++-
...-cosign-trivy-syft-x86-arm64-root-usr.base | 4 ++-
3 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/base-container-build.yaml b/.github/workflows/base-container-build.yaml
index 70e3e2d..013aeb1 100644
--- a/.github/workflows/base-container-build.yaml
+++ b/.github/workflows/base-container-build.yaml
@@ -29,14 +29,30 @@ jobs: - name: Checkout source code uses: actions/checkout@v4 - - name: Extract Versions from Containerfile + - name: Extract Tools Versions from Containerfile id: extract run: | # Extract values from the Containerfile GOLANG_VERSION=$(grep -m1 'ARG GOLANG_VERSION=' $CONTAINERFILE_NAME | cut -d'=' -f2) echo "GOLANG_VERSION=${GOLANG_VERSION}" >> $GITHUB_OUTPUT + GORELEASER_VERSION=$(grep -m1 'ARG GORELEASER_VERSION=' $CONTAINERFILE_NAME | cut -d'=' -f2) echo "GORELEASER_VERSION=${GORELEASER_VERSION}" >> $GITHUB_OUTPUT + + TRIVY_VERSION=$(grep -m1 'ARG TRIVY_VERSION=' $CONTAINERFILE_NAME | cut -d'=' -f2) + echo "TRIVY_VERSION=${TRIVY_VERSION}" >> $GITHUB_OUTPUT + + COSIGN_VERSION=$(grep -m1 'ARG COSIGN_VERSION=' $CONTAINERFILE_NAME | cut -d'=' -f2) + echo "COSIGN_VERSION=${COSIGN_VERSION}" >> $GITHUB_OUTPUT + + KO_VERSION=$(grep -m1 'ARG KO_VERSION=' $CONTAINERFILE_NAME | cut -d'=' -f2) + echo "KO_VERSION=${KO_VERSION}" >> $GITHUB_OUTPUT + + SYFT_VERSION=$(grep -m1 'ARG SYFT_VERSION=' $CONTAINERFILE_NAME | cut -d'=' -f2) + echo "SYFT_VERSION=${SYFT_VERSION}" >> $GITHUB_OUTPUT + + DEBIAN_VERSION=$(grep -m1 'ARG DEBIAN_VERSION=' $CONTAINERFILE_NAME | cut -d'=' -f2) + echo "DEBIAN_VERSION=${DEBIAN_VERSION}" >> $GITHUB_OUTPUT - name: Container metadata and tags uses: docker/metadata-action@v5 
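Review bot: None of the seven extractions in this step checks that grep matched, so a Containerfile that lacks, say, `ARG DEBIAN_VERSION=` writes an empty output and the tag list later publishes names such as `golang-<version>-` without any failure. The pattern is also unanchored and `cut -d'=' -f2` keeps whatever follows the value on that line, so a commented-out ARG or a trailing comment would flow into `$GITHUB_OUTPUT` and from there into image tags. Because these tags are how consumers pick a toolchain image, the step should fail on an empty or unexpected value and quote `$CONTAINERFILE_NAME` and `$GITHUB_OUTPUT`; a loop over the names does that without seven copies of the same pipeline. The indentation in the sketch below is assumed, since the page has lost the original layout.

```yaml
      - name: Extract Tools Versions from Containerfile
        id: extract
        run: |
          set -euo pipefail
          for tool in GOLANG GORELEASER TRIVY COSIGN KO SYFT DEBIAN; do
            # Anchored match: skip commented-out or indented look-alikes
            value=$(grep -m1 "^ARG ${tool}_VERSION=" "$CONTAINERFILE_NAME" | cut -d'=' -f2 || true)
            # Only tag-safe characters may reach the tag list
            if ! printf '%s' "$value" | grep -Eq '^[A-Za-z0-9._-]+$'; then
              echo "::error::${tool}_VERSION missing or malformed in ${CONTAINERFILE_NAME}"
              exit 1
            fi
            echo "${tool}_VERSION=${value}" >> "$GITHUB_OUTPUT"
          done
      # … unchanged: Container metadata and tags step …
```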
@@ -45,8 +61,21 @@ jobs: images: ghcr.io/${{ github.repository }}-base tags: | type=ref,event=branch + # use tools version as tags type=raw,value=golang-${{ steps.extract.outputs.golang_version }} type=raw,value=goreleaser-${{ steps.extract.outputs.goreleaser_version }} + type=raw,value=cosign-${{ steps.extract.outputs.cosign_version }} + type=raw,value=ko-${{ steps.extract.outputs.ko_version }} + type=raw,value=trivy-${{ steps.extract.outputs.trivy_version }} + type=raw,value=syft-${{ steps.extract.outputs.syft_version }} + + type=raw,value=golang-${{ steps.extract.outputs.golang_version }}-${{ steps.extract.outputs.debian_version}} + type=raw,value=goreleaser-${{ steps.extract.outputs.goreleaser_version }}-${{ steps.extract.outputs.debian_version}} + type=raw,value=cosign-${{ steps.extract.outputs.cosign_version }}-${{ steps.extract.outputs.debian_version}} + type=raw,value=ko-${{ steps.extract.outputs.ko_version }}-${{ steps.extract.outputs.debian_version}} + type=raw,value=trivy-${{ steps.extract.outputs.trivy_version }}-${{ steps.extract.outputs.debian_version}} + type=raw,value=syft-${{ steps.extract.outputs.syft_version }}-${{ steps.extract.outputs.debian_version}} + # minimal (short sha) type=sha # full length sha diff --git a/Containerfile.goreleaser-ko-cosign-trivy-syft-x86-arm64-non-root-usr.base b/Containerfile.goreleaser-ko-cosign-trivy-syft-x86-arm64-non-root-usr.base index c08b337..1255b22 100644 --- a/Containerfile.goreleaser-ko-cosign-trivy-syft-x86-arm64-non-root-usr.base +++ b/Containerfile.goreleaser-ko-cosign-trivy-syft-x86-arm64-non-root-usr.base 
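Review bot: The twelve added `type=raw` tags are unconditional, so every run that reaches this step moves `cosign-<version>`, `trivy-<version>` and the rest to the image it has just built; together with the existing `type=ref,event=branch` this suggests a feature-branch build can take over a tag that a default-branch build published. If these names are meant to identify a released toolchain image, restrict them, for example `type=raw,value=trivy-${{ steps.extract.outputs.trivy_version }},enable={{is_default_branch}}`, and point consumers that need immutability at the `type=sha` tags or the image digest. Each tool-version tag describes only one component of an image that carries all six tools, which deserves a comment above the list so nobody reads `ko-<version>` as a ko-only image. Minor: the new lines write `debian_version}}` without the space before `}}` that the rest of the block uses. The tag list continues past the end of the hunk.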
@@ -28,13 +28,15 @@ ARG KO_VERSION=0.16.0 # goreleaser v2.1.0 ships with go1.22.5 ARG GORELEASER_VERSION=2.1.0 +ARG DEBIAN_VERSION=bookworm + # Builder image's registry # A Debian Bookworm based GoLang image is chosen over "docker.io/goreleaser/goreleaser" Alpine based # goreleaser official image (https://hub.docker.com/r/goreleaser/goreleaser), # because debian uses glibc and Alpine uses libc musl. ARG BUILDER_IMAGE_REGISTRY=docker.io/library ARG BUILDER_IMAGE_NAME=golang -ARG BUILDER_IMAGE_TAG=${GOLANG_VERSION}-bookworm +ARG BUILDER_IMAGE_TAG=${GOLANG_VERSION}-${DEBIAN_VERSION} # For OCI labels ARG BASE_REGISTRY=${BUILDER_IMAGE_REGISTRY} diff --git a/Containerfile.goreleaser-ko-cosign-trivy-syft-x86-arm64-root-usr.base b/Containerfile.goreleaser-ko-cosign-trivy-syft-x86-arm64-root-usr.base index e203b90..816e04b 100644 --- a/Containerfile.goreleaser-ko-cosign-trivy-syft-x86-arm64-root-usr.base +++ b/Containerfile.goreleaser-ko-cosign-trivy-syft-x86-arm64-root-usr.base @@ -28,13 +28,15 @@ ARG KO_VERSION=0.16.0 # goreleaser v2.1.0 ships with go1.22.5 ARG GORELEASER_VERSION=2.1.0 +ARG DEBIAN_VERSION=bookworm + # Builder image's registry # A Debian Bookworm based GoLang image is chosen over "docker.io/goreleaser/goreleaser" Alpine based # goreleaser official image (https://hub.docker.com/r/goreleaser/goreleaser), # because debian uses glibc and Alpine uses libc musl. ARG BUILDER_IMAGE_REGISTRY=docker.io/library ARG BUILDER_IMAGE_NAME=golang -ARG BUILDER_IMAGE_TAG=${GOLANG_VERSION}-bookworm +ARG BUILDER_IMAGE_TAG=${GOLANG_VERSION}-${DEBIAN_VERSION} # For OCI labels ARG BASE_REGISTRY=${BUILDER_IMAGE_REGISTRY}
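Review bot: `ARG DEBIAN_VERSION=bookworm` is added without a comment, and the comment a few lines below it still says "A Debian Bookworm based GoLang image", which stops being true as soon as the argument is overridden; the identical hunk in the root-usr Containerfile has the same gap. Above the ARG I would add `# Debian release codename, used as the suffix of the golang builder tag. Read by base-container-build.yaml with grep/cut, so keep the form ARG NAME=value with no trailing comment.` and reword the builder comment to "A Debian based GoLang image". Since `BUILDER_IMAGE_TAG` is now assembled from two overridable arguments, the base image is selected by a mutable tag; if the FROM line (not visible in this hunk) does not pin a digest, pinning it or recording the resolved digest in the OCI labels would keep the base verifiable. The ARG block starts and ends outside the hunk.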