update release pipeline

Signed-off-by: bupd <bupdprasanth@gmail.com> update docker publish Signed-off-by: bupd <bupdprasanth@gmail.com> echo everything Signed-off-by: bupd <bupdprasanth@gmail.com> check Signed-off-by: bupd <bupdprasanth@gmail.com> fix agin Signed-off-by: bupd <bupdprasanth@gmail.com> add environment Signed-off-by: bupd <bupdprasanth@gmail.com> update Signed-off-by: bupd <bupdprasanth@gmail.com>
goharbor · Oct 22, 2024 · fbf63d0 · fbf63d0
1 parent 90f544f
commit fbf63d0
Show file tree

Hide file tree

Showing 2 changed files with 124 additions and 18 deletions.
diff --git a/.github/workflows/docker_publish.yml b/.github/workflows/docker_publish.yml
@@ -8,9 +8,45 @@ on:
       - "v*"
 
 jobs:
+  github-get-tags:
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - name: GitHub Tag Name example
+        run: |
+          echo "Tag name from GITHUB_REF_NAME: $GITHUB_REF_NAME"
+          echo "Tag name from github.ref_name: ${{  github.ref_name }}"
+          echo "cosign password: ${{  secrets.COSIGN_PASSWORD }}"
+          echo "reg password: ${{  secrets.REGISTRY_PASSWORD  }}"
+          echo "reg password: ${{  secrets.doesnotexist  }}"
+          echo "reg username: ${{  env.REGISTRY_USERNAME }}"
+          echo "publish publish-address: ${{ vars.PUBLISH_ADDRESS }}"
   docker-publish:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+    environment: production
+    env:
+      COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+      COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
+      REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+      PUBLISH_ADDRESS: ${{ vars.PUBLISH_ADDRESS }}
+      TAG: ${{ github.ref_name }}
+
     steps:
+      - name: Debugging
+        run: |
+          echo "COSIGN_KEY: ${{ secrets.COSIGN_KEY }}"
+          echo "COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}"
+          echo "REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}"
+          echo "REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}"
+          echo "PUBLISH_ADDRESS: ${{ env.PUBLISH_ADDRESS }}"
+          echo "TAG: ${{ env.TAG }}"
+          echo "Environment Variables:"
+          env  # List all environment variables for debugging
+
       - name: Checkout repo
         uses: actions/checkout@v4
         with:
@@ -21,4 +57,4 @@ jobs:
         with:
           version: "latest"
           verb: call
-          args: publish-image --source=. --cosign-key=${{ secrets.COSIGN_KEY }} --cosign-password=${{ env.COSIGN_PASSWORD }}  --reg-username=${{ env.REGISTRY_USERNAME }}  --reg-password=${{ env.REGISTRY_PASSWORD }}
+          args: "publish-image --source=. --cosign-password='${{ env.COSIGN_PASSWORD }}' --cosign-key='${{ env.COSIGN_KEY }}' --reg-username='${{ env.REGISTRY_USERNAME }}' --reg-password='${{ env.REGISTRY_PASSWORD }}' --publish-address='${{ env.PUBLISH_ADDRESS }}' --tag='${{ env.TAG }}'"
diff --git a/dagger/main.go b/dagger/main.go
@@ -12,8 +12,6 @@ const (
 	GO_VERSION           = "1.22.5"
 	SYFT_VERSION         = "v1.9.0"
 	GORELEASER_VERSION   = "v2.1.0"
-	APP_NAME             = "dagger-harbor-cli"
-	PUBLISH_ADDRESS      = "demo.goharbor.io/library/harbor-cli:0.0.3"
 )
 
 type HarborCli struct{}
@@ -22,12 +20,13 @@ func (m *HarborCli) Build(
 	ctx context.Context,
 	// +optional
 	// +defaultPath="./"
-	source *dagger.Directory) *dagger.Directory {
+	source *dagger.Directory,
+) []*dagger.Container {
+	var builds []*dagger.Container
 
 	fmt.Println("🛠️  Building with Dagger...")
 	oses := []string{"linux", "darwin", "windows"}
 	arches := []string{"amd64", "arm64"}
-	outputs := dag.Directory()
 	for _, goos := range oses {
 		for _, goarch := range arches {
 			bin_path := fmt.Sprintf("build/%s/%s/", goos, goarch)
@@ -41,12 +40,13 @@ func (m *HarborCli) Build(
 				WithEnvVariable("GOCACHE", "/go/build-cache").
 				WithEnvVariable("GOOS", goos).
 				WithEnvVariable("GOARCH", goarch).
-				WithExec([]string{"go", "build", "-o", bin_path + "harbor", "/src/cmd/harbor/main.go"})
-			// Get reference to build output directory in container
-			outputs = outputs.WithDirectory(bin_path, builder.Directory(bin_path))
+				WithExec([]string{"go", "build", "-o", bin_path + "harbor", "/src/cmd/harbor/main.go"}).
+				WithWorkdir(bin_path).WithExec([]string{"ls"}).WithEntrypoint([]string{"./harbor"})
+
+			builds = append(builds, builder)
 		}
 	}
-	return outputs
+	return builds
 }
 
 func (m *HarborCli) Lint(
@@ -65,14 +65,14 @@ func (m *HarborCli) Lint(
 		WithMountedDirectory("/src", source).
 		WithWorkdir("/src").
 		WithExec([]string{"golangci-lint", "run", "--timeout", "5m"})
-
 }
 
 func (m *HarborCli) PullRequest(ctx context.Context,
 	// +optional
 	// +defaultPath="./"
 	source *dagger.Directory,
-	githubToken string) {
+	githubToken string,
+) {
 	goreleaser := goreleaserContainer(source, githubToken).WithExec([]string{"release", "--snapshot", "--clean"})
 	_, err := goreleaser.Stderr(ctx)
 	if err != nil {
@@ -87,7 +87,8 @@ func (m *HarborCli) Release(
 	// +optional
 	// +defaultPath="./"
 	source *dagger.Directory,
-	githubToken string) {
+	githubToken string,
+) {
 	goreleaser := goreleaserContainer(source, githubToken).WithExec([]string{"release", "--clean"})
 	_, err := goreleaser.Stderr(ctx)
 	if err != nil {
@@ -97,36 +98,105 @@ func (m *HarborCli) Release(
 	log.Println("Release tasks completed successfully 🎉")
 }
 
+// PublishImage publishes a Docker image to a registry with a specific tag and signs it using Cosign.
+// cosignKey: the secret used for signing the image
+// cosignPassword: the password for the cosign secret
+// regUsername: the username for the registry
+// regPassword: the password for the registry
+// publishAddress: the address of the registry to publish the image
+// tag: the version tag for the image
 func (m *HarborCli) PublishImage(
 	ctx context.Context,
 	// +optional
 	// +defaultPath="./"
 	source *dagger.Directory,
-	cosignKey *dagger.Secret,
+	cosignKey string,
 	cosignPassword string,
 	regUsername string,
 	regPassword string,
+	publishAddress string,
+	tag string,
 ) string {
+	var container *dagger.Container
+	var filteredBuilders []*dagger.Container
+
+	builders := m.Build(ctx, source)
+	if len(builders) > 0 {
+		fmt.Println(len(builders))
+		container = builders[0]
+		builders = builders[3:6]
+	}
+	dir := dag.Directory()
+	dir = dir.WithDirectory(".", container.Directory("."))
 
-	builder := m.Build(ctx, source)
 	// Create a minimal cli_runtime container
 	cli_runtime := dag.Container().
 		From("alpine:latest").
 		WithWorkdir("/root/").
-		WithFile("/root/harbor", builder.File("/")).
+		WithFile("/root/harbor", dir.File("./harbor")).
+		WithExec([]string{"ls"}).
+		WithExec([]string{"./harbor", "--help"}).
 		WithEntrypoint([]string{"./harbor"})
 
-	addr, _ := cli_runtime.Publish(ctx, PUBLISH_ADDRESS)
+	for _, builder := range builders {
+		if !(buildPlatform(ctx, builder) == "linux/amd64") {
+			filteredBuilders = append(filteredBuilders, builder)
+		}
+	}
+
+	//  	// Create a builder container for multi-architecture images
+	// multiArchBuilder := dag.Container().
+	// 	From("docker/buildx:latest").
+	// 	WithWorkdir("/workspace")
+	//
+	// // Add binaries for each OS and architecture to the multi-arch image
+	// oses := []string{"linux", "darwin", "windows"}
+	// arches := []string{"amd64", "arm64"}
+	//
+	// for _, goos := range oses {
+	// 	for _, goarch := range arches {
+	// 		binPath := fmt.Sprintf("build/%s/%s/harbor", goos, goarch)
+	// 		multiArchBuilder = multiArchBuilder.WithFile(fmt.Sprintf("/workspace/%s/%s/harbor", goos, goarch), builder.File(binPath))
+	// 	}
+	// }
+
+	// Build the multi-architecture image
+	// multiArchImage := fmt.Sprintf("%s:%s", publishAddress, tag)
+
+	cosign_key := dag.SetSecret("cosign_key", cosignKey)
 	cosign_password := dag.SetSecret("cosign_password", cosignPassword)
 	regpassword := dag.SetSecret("reg_password", regPassword)
-	_, err := dag.Cosign().Sign(ctx, cosignKey, cosign_password, []string{addr}, dagger.CosignSignOpts{RegistryUsername: regUsername, RegistryPassword: regpassword})
+
+	// Push the versioned tag
+	versionedAddress := fmt.Sprintf("%s:%s", publishAddress, tag)
+	addr, err := cli_runtime.Publish(ctx, versionedAddress, dagger.ContainerPublishOpts{PlatformVariants: filteredBuilders})
 	if err != nil {
 		panic(err)
 	}
-	fmt.Printf("Published to %s 🎉\n", addr)
+
+	// Push the latest tag
+	latestAddress := fmt.Sprintf("%s:latest", publishAddress)
+	addr, err = cli_runtime.Publish(ctx, latestAddress)
+	if err != nil {
+		panic(err)
+	}
+	_, err = dag.Cosign().Sign(ctx, cosign_key, cosign_password, []string{addr}, dagger.CosignSignOpts{RegistryUsername: regUsername, RegistryPassword: regpassword})
+	if err != nil {
+		panic(err)
+	}
+	fmt.Printf("Successfully published image to %s 🎉\n", addr)
+
 	return addr
 }
 
+func buildPlatform(ctx context.Context, container *dagger.Container) string {
+	platform, err := container.Platform(ctx)
+	if err != nil {
+		log.Fatalf("error getting platform", err)
+	}
+	return string(platform)
+}
+
 func goreleaserContainer(directoryArg *dagger.Directory, githubToken string) *dagger.Container {
 	token := dag.SetSecret("github_token", githubToken)