Publish binaries and multi-arch docker images

**What** - Create a multiarch docker image that pre-compiles the certifier tests so that the tests are more portable - Update vendor folder to use latest openfaas projects - Add Github Actions workflow to publish Docker images and binaries on tags - reorganize CI scripts Signed-off-by: Lucas Roesler <[email protected]>
openfaas · Nov 22, 2020 · 9e0becf · 9e0becf
1 parent 30c5ee5
commit 9e0becf
Show file tree

Hide file tree

Showing 63 changed files with 11,321 additions and 897 deletions.
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -0,0 +1,74 @@
+name: publish
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        uses: actions/checkout@master
+        with:
+          fetch-depth: 1
+      -
+        name: Docker meta
+        id: meta
+        uses: crazy-max/ghaction-docker-meta@v1
+        with:
+          images: "ghcr.io/${{ github.repository }}"
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Docker Login
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      -
+        name: Docker Build and Push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm/v7,linux/arm64
+          target: release
+          build-args: |
+            VERSION=${{ steps.meta.outputs.version }}
+            GIT_COMMIT=${{ github.sha }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+      -
+        name: Build binaries
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile.redist
+          platforms: linux/amd64
+          build-args: |
+            VERSION=${{ steps.meta.outputs.version }}
+            GIT_COMMIT=${{ github.sha }}
+          load: true
+          push: false
+          tags: ghcr.io/openfaas/certifier:latest
+      -
+        name: Copy binaries to host
+        run: ./ci/copy_redist.sh
+      -
+        name: Create SHA of binaries
+        run: ./ci/hashgen.sh
+      -
+        name: Upload binaries and their SHA to Github Release
+        uses: alexellis/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          asset_paths: '["./bin/certifier*"]'
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 .idea
 functions/build
 functions/template
+bin
diff --git a/.travis.yml b/.travis.yml
@@ -51,3 +51,5 @@ jobs:
         - arkade install openfaas --basic-auth=false
         - kubectl rollout status -n openfaas deploy/gateway -w
       script: make test-kubernetes
+    - name: build
+      script: make build
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,60 @@
+ARG goversion=1.14
+ARG alpineversion=3.11
+
+FROM teamserverless/license-check:0.3.9 as license-check
+
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:$goversion as builder
+
+ARG TARGETPLATFORM
+ARG BUILDPLATFORM
+ARG TARGETOS
+ARG TARGETARCH
+ARG GIT_COMMIT="000000"
+ARG VERSION="dev"
+
+ENV CGO_ENABLED=0
+ENV GO111MODULE=on
+ENV GOFLAGS=-mod=vendor
+
+COPY --from=license-check /license-check /usr/bin/
+
+WORKDIR /app
+COPY go.mod .
+COPY go.sum .
+COPY tests ./tests
+COPY version ./version
+COPY vendor ./vendor
+
+RUN license-check -path /app --verbose=false "Alex Ellis" "OpenFaaS Author(s)"
+RUN gofmt -l -d $(find . -type f -name '*.go' -not -path "./vendor/*")
+RUN CGO_ENABLED=${CGO_ENABLED} GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
+    go test -c -o certifier \
+    -ldflags "\
+    -X github.com/openfaas/certifier/version.Commit=$GIT_COMMIT \
+    -X github.com/openfaas/certifier/version.Version=$VERSION" \
+    ./tests
+
+FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:$alpineversion as release
+LABEL org.label-schema.license="MIT" \
+    org.label-schema.vcs-url="https://github.com/openfaas/certifier" \
+    org.label-schema.vcs-type="Git" \
+    org.label-schema.name="openfaas/certifier" \
+    org.label-schema.vendor="openfaas" \
+    org.label-schema.docker.schema-version="1.0"
+
+RUN apk --no-cache --update add ca-certificates
+
+ARG USER=default
+ENV HOME /home/$USER
+
+# install sudo as root
+RUN apk add --update sudo
+
+# add new user
+RUN adduser -D $USER
+USER $USER
+WORKDIR $HOME
+
+COPY --from=builder /app/certifier /bin/certifier
+
+ENTRYPOINT [ "/bin/certifier" ]
diff --git a/Dockerfile.redist b/Dockerfile.redist
@@ -0,0 +1,80 @@
+ARG goversion=1.14
+ARG alpineversion=3.11
+
+FROM teamserverless/license-check:0.3.9 as license-check
+
+# Build stage
+FROM golang:$goversion as builder
+
+ARG GIT_COMMIT="000000"
+ARG VERSION="dev"
+
+ENV CGO_ENABLED=0
+ENV GO111MODULE=on
+ENV GOFLAGS=-mod=vendor
+
+COPY --from=license-check /license-check /usr/bin/
+
+WORKDIR /app
+COPY go.mod .
+COPY go.sum .
+COPY tests ./tests
+COPY version ./version
+COPY vendor ./vendor
+
+RUN license-check -path /app --verbose=false "Alex Ellis" "OpenFaaS Author(s)"
+RUN gofmt -l -d $(find . -type f -name '*.go' -not -path "./vendor/*")
+
+
+# ldflags "-s -w" strips binary
+# ldflags -X injects commit version into binary
+
+# use multiple stages here because buildkit will run these in parallel,
+# if possible
+FROM builder as linux
+RUN CGO_ENABLED=0 GOOS=linux go test -c --ldflags "-s -w \
+    -X github.com/openfaas/certifier/version.Commit=${GIT_COMMIT} \
+    -X github.com/openfaas/certifier/version.Version=${VERSION}" \
+    -a -installsuffix cgo -o certifier \
+    ./tests
+
+FROM builder as darwin
+RUN CGO_ENABLED=0 GOOS=darwin go test -c --ldflags "-s -w \
+    -X github.com/openfaas/certifier/version.Commit=${GIT_COMMIT} \
+    -X github.com/openfaas/certifier/version.Version=${VERSION}" \
+    -a -installsuffix cgo -o certifier-darwin \
+    ./tests
+
+FROM builder as windows
+RUN CGO_ENABLED=0 GOOS=windows go test -c --ldflags "-s -w \
+    -X github.com/openfaas/certifier/version.Commit=${GIT_COMMIT} \
+    -X github.com/openfaas/certifier/version.Version=${VERSION}" \
+    -a -installsuffix cgo -o certifier.exe \
+    ./tests
+
+FROM builder as arm
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=6 go test -c --ldflags "-s -w \
+    -X github.com/openfaas/certifier/version.Commit=${GIT_COMMIT} \
+    -X github.com/openfaas/certifier/version.Version=${VERSION}" \
+    -a -installsuffix cgo -o certifier-armhf \
+    ./tests
+
+FROM builder as arm64
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go test -c --ldflags "-s -w \
+    -X github.com/openfaas/certifier/version.Commit=${GIT_COMMIT} \
+    -X github.com/openfaas/certifier/version.Version=${VERSION}" \
+    -a -installsuffix cgo -o certifier-arm64 \
+    ./tests
+
+# Release stage
+FROM scratch
+
+WORKDIR /bin
+
+COPY --from=linux /app/certifier         /bin
+COPY --from=darwin /app/certifier-darwin /bin
+COPY --from=arm /app/certifier-armhf     /bin
+COPY --from=windows /app/certifier.exe   /bin
+COPY --from=arm64 /app/certifier-arm64   /bin
+
+CMD ["/bin/certifier"]
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
diff --git a/Makefile b/Makefile
@@ -1,3 +1,15 @@
+.GIT_COMMIT=$(shell git rev-parse HEAD)
+.GIT_VERSION=$(shell git describe --tags --always --dirty 2>/dev/null)
+.GIT_UNTRACKEDCHANGES := $(shell git status --porcelain --untracked-files=no)
+ifneq ($(.GIT_UNTRACKEDCHANGES),)
+	.GIT_VERSION := $(.GIT_VERSION)-$(shell date +"%s")
+endif
+
+
+.IMAGE=ghcr.io/openfaas/certifier
+TAG?=latest
+export DOCKER_CLI_EXPERIMENTAL=enabled
+
 OPENFAAS_URL?=http://127.0.0.1:8080/
 
 GOFLAGS := -mod=vendor
@@ -23,9 +35,16 @@ clean-swarm:
 clean-kubernetes:
 	- kubectl delete -n openfaas-fn deploy,svc ${.TEST_FUNCTIONS} 2>/dev/null || : ;
 
+.PHONY: lint
 lint:
+	@echo "+ $@"
 	@golangci-lint version
-	golangci-lint run --timeout=1m ./...
+	@golangci-lint run --timeout=1m ./...
+
+.PHONY: fmt
+fmt:
+	@echo "+ $@"
+	@gofmt -s -l ./tests | tee /dev/stderr
 
 .TEST_FLAGS= # additional test flags, e.g. -run ^Test_ScaleFromZeroDuringIvoke$
 .FEATURE_FLAGS= # set config feature flags, e.g. -swarm
@@ -35,3 +54,19 @@ test-swarm: clean-swarm
 
 test-kubernetes: clean-kubernetes
 	time go test -count=1 ./tests -v -gateway=${OPENFAAS_URL} ${.FEATURE_FLAGS} ${.TEST_FLAGS}
+
+
+build:
+	docker build \
+		--build-arg GIT_COMMIT=${.GIT_COMMIT} \
+		--build-arg VERSION=${.GIT_VERSION} \
+		-t ${.IMAGE}:${TAG} .
+
+
+redist:
+	@docker build \
+		--build-arg GIT_COMMIT=${.GIT_COMMIT} \
+		--build-arg VERSION=${.GIT_VERSION} \
+		-f Dockerfile.redist \
+		-t ${.IMAGE}:${TAG} .
+	@./copy_redist.sh ${TAG}
diff --git a/ci/copy_redist.sh b/ci/copy_redist.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+export NAME=certifier
+export IMAGE=ghcr.io/openfaas/certifier
+export eTAG="latest"
+echo "$1"
+if [ "$1" ] ; then
+  eTAG=$1
+fi
+
+docker create --name "$NAME" "${IMAGE}:${eTAG}" \
+    && mkdir -p ./bin \
+    && docker cp "$NAME":/bin .
+docker rm -f "$NAME"
diff --git a/ci/hashgen.sh b/ci/hashgen.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# ":" separated list of paths to folders that contain
+# executable binaries that should be shasum'd
+BINARIES=./bin
+
+IFS=':'
+for directory in $BINARIES; do
+    cd "$directory" || exit 1
+    for f in * ; do # Scanning files in direcotry
+        if [ -x $f ]; then
+            shasum -a 256 $f > $f.sha256
+        fi
+    done
+done